Xerox day vulnerability

Ben Nassi, Adi Shamir, Yuval Elovici

IEEE Transactions on Information Forensics and Security 14 (2), 415-430, 2018

In the area of espionage between countries, an infiltration covert channel used to trigger a silent malware installed on a network of a critical organization (such as 911 services and missile launching facility) from the outside world is extremely dangerous to the target country’s security. In order to prevent attackers from establishing such a channel, these organizations take various steps to secure their networks, to make the establishment of this type of covert channel very challenging and almost impractical to achieve; the current state of the art methods are very limited and ineffective. In this paper, we show that even a strong isolation technique, such as air-gapping the network, can be circumvented by using an organizational multifunction printer (MFP) to establish an infiltration covert channel in order to communicate with a malware installed on an isolated organization from the outside. We show how an attacker can …