-5

Say I want to write a top secret document (yeh, I'm a secret agent), and I use the method in the title...more specifically

1) Write a document on TextEdit on a Macbook Pro

2) Do not save it

3) Print it through a wireless printer

4) Close the document without saving it

What are the various ways a hacker could actually obtain the document? (p.s. I know this isn't 100% secure...just wondering the various methods one would use to obtain the document)

My ideas...

1) Can a hacker (say the government) obtain direct access to my screen through the serial number of my Macbook Pro and watch as I real-time type it, thus obtaining the document? Seems possible.

2) Installing a keylogger on the Macbook Pro, thus saving every keystroke I type onto an external document (I know this could easily work, but wouldn't someone have to physically obtain the laptop in order to do this? Or could they somehow externally download the keylogger on my computer and then send the information somewhere public that they could see?).

Any other less invasive methods that could harm me? Thanks, just curious!

AviD

2 Answers

7

The mechanisms applied when you "print" can be complex and depend a lot on the printer, the printer drivers and the OS. What you see as text will be translated into something that the printer can accept, and that's the role of the driver on the OS side. In any case, printers don't have infinite memory, so it is the role of some machine (in this case, yours) to handle a "queue" of documents to print, and, guess what, that queue almost always consists of files in a directory. You did not save the document, but it still made it to the hard disk as a queued printable file. In any case, since modern operating systems employ virtual memory, aka "swap space", what you think of as "a file which has not been saved" may still have made it to the hard disk, regardless of the printing business.

The printer itself, being network-aware, is also a small computer in its own right, with the same kind of bugs and vulnerabilities. Security holes are made worse in that printer firmware is almost never updated, so vulnerabilities tend to remain open for long. See this previous question for some discussion on the subject. A hijacked printer will, of course, see everything that is printed.

Though the WiFi connection uses some cryptography, it does not protect against eavesdropping from other connected users; that crypto was designed to prevent unauthorized users from connecting at all, as is made apparent in the acronym "WEP" as "Wired Equivalent Privacy": with a wired network, packets are supposed to be invisible to people who are not plugged into the network, but people who are plugged in can still see them. Furthermore, WEP turned out to do a very poor job at its assigned task, but the point here is that the "assigned task" has never been to establish a tunnel between any two systems, safe from all other systems in the network.

Of course, if your own machine is subverted and contains a keylogger, then you have already lost. Your machine is no longer your machine.

Note, also, that the document is not only in the machine RAM and the printer; it is also on your screen, and on the printed paper. Do you have windows in your office (not the operating system, but real apertures in walls, with glass panes)? That you handle your data with a computer does not mean that classic spying methods don't work any more...

Tom Leek
  • 1
    Hmm wow so even if I don't print it, you're saying it's still possible that the file is getting saved to the hard disk because of the "swap space"? – John Dodson Aug 16 '13 at 14:43
  • 1
    Oh yes. The operating system gives some memory blocks to applications so that they may work with data, but the OS promises more memory than actually exists, and uses some disk area to store the least-often used memory blocks. Applications don't see it (except through some slowness in some cases) but it is pretty standard in most modern operating systems, in particular MacOS X, Windows, Linux... – Tom Leek Aug 16 '13 at 14:51
  • 1
    While we are at it, since the question is so wide open let's add: 1 Surveillance cameras overlooking the printer, or the keyboard, and 2 mugging you as you leave the building with the printout. – Rod MacPherson Aug 16 '13 at 23:53
0

The serial number would be of no use unless there is a backdoor that has gone completely without the knowledge of anyone (unlikely) and would still require access to your computer while you were working with it. You describe a wireless network with your computer and a printer on it. If it is separated from the network and the wireless network is properly secured, then things seem pretty decent, but there are still a few ways a determined attacker could get at it.

The biggest issues I see are that the document still has to exist in memory for a time and has to be submitted to the printer. Cached versions may be stored on the hard disk temporarily while sending to the printer and these might be recoverable after the fact. Additionally, if a key logger was present on the laptop, it would be possible for it to log the data and report it back the next time an Internet connection is present.

An attack on the printer itself might also be possible. Printers themselves are not particularly secure devices and a compromise to the printer could either result in documents being saved and forwarded later or an uncompromised printer may still store a cache of the document that could be recovered after printing.

If the system is attached to the Internet, a whole additional realm of possibilities opens up, but the ones I described are still probably some of the most likely, though active monitoring does become a possibility if some means of remote access has previously been installed on the system.

Also, if the wireless network is not properly secured, then the information could simply be pulled out of the air as the document was sent to the printer.

AJ Henderson
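Both answers point out that a printed document is queued as a file on disk even when it was never saved. As an added example (not part of either answer), the script below audits a CUPS spool directory for leftover job data and checks whether the scheduler is configured to keep it. It assumes printing goes through CUPS with the default paths `/var/spool/cups` and `/etc/cups/cupsd.conf`; the function names are hypothetical and the demo files are constructed.

```shell
#!/bin/sh
# Added example: audit a CUPS spool for retained print-job data.
# Assumed default paths (reading the real ones requires root):
#   /var/spool/cups and /etc/cups/cupsd.conf

# List document data files (dNNNNN-NNN) still present in a spool directory.
spool_data_files() {
    find "$1" -maxdepth 1 -type f -name 'd[0-9]*-[0-9]*' 2>/dev/null | sort
}

# Print the last PreserveJobFiles value in a cupsd.conf, or "unset" when the
# directive is absent (cupsd then applies its built-in default).
preserve_job_files() {
    val=$(awk 'tolower($1) == "preservejobfiles" { v = $2 }
               END { print v }' "$1" 2>/dev/null) || true
    echo "${val:-unset}"
}

# Return 0 only when no job data is on disk and retention is set to No.
# Any other setting is treated as retention (conservative choice).
audit_spool() {
    spool=${1:-/var/spool/cups}
    conf=${2:-/etc/cups/cupsd.conf}
    rc=0
    count=$(spool_data_files "$spool" | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        echo "FINDING: $count printed document(s) still on disk in $spool"
        rc=1
    fi
    case $(preserve_job_files "$conf") in
        [Nn][Oo]) echo "OK: PreserveJobFiles is No in $conf" ;;
        *) echo "FINDING: PreserveJobFiles is not No; job files may outlive the print"
           rc=1 ;;
    esac
    return $rc
}

# Demo on a constructed spool (empty sample files, not real print jobs).
demo=$(mktemp -d)
mkdir "$demo/spool"
: > "$demo/spool/c00007"        # job control file
: > "$demo/spool/d00007-001"    # job document data
printf 'PreserveJobFiles No\n' > "$demo/cupsd.conf"
audit_spool "$demo/spool" "$demo/cupsd.conf" || echo "audit reported findings"
rm -rf "$demo"
```

Run against the real paths, the same function call is `audit_spool` with no arguments; deleted spool files can still be recoverable from disk, so full-disk encryption remains the stronger control.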