The attack introduced in this article can be framed as a communication problem between an unsuspecting victim, in possession of a printer acting as the transmitter, and a recording device utilized by the attacker as a receiver. The communication system exploits the acoustic pulse-like properties of the noise produced by the printers’ roller mechanism. In the next subsections, we will detail the operation of this communication system, with an emphasis on the transmitter side, where imperceptible patterns are injected into documents to control the printing process. In the last subsection, we reveal how the pattern injection would be carried out in practice, within the Linux operating system.
4.1 Design of the Injection Patterns
Transmission is done by using imperceptible patterns injected into the documents being printed, which as mentioned before are used to control the printing process. Through the use of a series of very light colored rectangles (imperceptible to the human eye) with different widths imposed on the white background of documents being sent to print, as shown in Figure 4, our objective is to manipulate the frequency at which the printer’s roller mechanism activates (i.e., the mechanism that displaces paper sheets inside the printer).
The rectangles we inject into documents are drawn across the horizontal space of a page and are stacked vertically on it. These rectangles are meant to activate a printer’s multi-pass mode—that is, the mode that produces the greatest number of printhead passes and roller activations over a given area, which is normally used to ensure densely colored figures keep their details when printed. It is also the mode that generates the least amount of paper displacement for each roller activation. By triggering this mode in text documents, we basically obtain control over the printhead’s operation with our injected rectangles, affecting the time the printer takes to complete each of the horizontal areas where the printhead maneuvers. Any overlying text that may be present has minimal influence over the printhead because of its graphical sparseness: the printer can print those segments of text in any of the multiple passes that the injected rectangles require, without interfering significantly with our modulation, as will be explained in the following.
The timing effect that the injected rectangles cause depends on their size, and thus we define two main spatial properties that characterize these figures, as shown in Figure 4: width and length. First of all, a specific minimum width and length are needed to activate the multi-pass print mode. After determining these minimum parameters, we can subsequently increase the rectangles’ width in different proportions to actually modulate the rate at which page displacements are made (i.e., the frequency at which acoustic pulses are produced). The rectangles’ minimum length is actually equal to, or a fraction of, the vertical length that the yellow color nozzles occupy on a given printhead. In practice, this means each rectangle will generate exactly one paper displacement if it perfectly occupies all the printable vertical area the printhead can operate on at a given moment, which lets us maximize the use of a page’s space and produce reliable transitions between rectangles of different width. Once we ensure each rectangle generates a single paper displacement, the way the rectangles’ width actually modulates the printing process can be understood with the next example: given two rectangles of the same length, vertically stacked on a blank page and aligned to the margin closest to the printhead’s resting position, if one of the two is wider than the other, it is evident that the printhead will need to travel farther to print the wider rectangle. This increases the time period between paper displacements compared with printing the rectangle that covers less of the page’s width.
A third and last factor that controls printheads’ speed is the lightness of a figure’s color, which affects the total number of ink droplets ejected per area, although this parameter is not that useful for the purpose of our attack, as it can compromise the stealthiness of the operation. It is important to understand that the very light yellow color we use in our rectangles is obtained by sparsely ejecting yellow ink droplets from the printhead, as part of the halftoning process that uses the white paper background to modulate the brightness of colors, an example of which can be seen in Figure 5. By using such a light color, we ensure a human cannot distinguish the patterns from the background. In fact, it is known that the human visual system relies more on luminance contrast than on the absolute levels of luminance, or than on chromatic contrast, for the interpretation of information [38], and the difference in luminance between yellow and white is indeed perceived to be small and hard for humans to see. It is evident then that a very light tint of yellow on a white background will not be detected—an effect that has been previously utilized in the context of printers [29]. If we use darker colors for our injected patterns, we only make the printhead cover a given area with more ink, which will result in the figures being more noticeable. But the contrary is also true; there is a limit beyond which we cannot lighten the color of our rectangles, as the printer stops considering those figures as densely inked, and no change to multi-pass print mode is realized. In practice, the light color utilized in our injected patterns throughout this work was close to this threshold, which in all cases resulted in these patterns being invisible to the authors’ sight. Appendix A shows a document page with both a human-visible and a true representation of the injected patterns.
The parameters just mentioned have been described in an isolated way, in the context of blank documents, without other graphical objects interfering. We are now going to explore how these graphical patterns coexist with others introduced by a user. There are two cases we may face: (1) a document with equally dense or more densely inked graphical objects that require multiple passes from the printhead, such as images, and (2) a document with sparser graphical objects, such as text, that usually require only a single pass per horizontal area. Just to be clear, documents can contain both elements, but here we study them separately to understand their effects. First of all, if other dense graphical objects are present, the attacker’s modulation may not have any effect. Both rectangles and the other densely inked objects, such as images, activate the same multi-pass print mode, but because our rectangles use a very light yellow color that requires less ink than what normal images use, and the latter may occupy the entire width of a page, images will be the ones that effectively control the printhead’s speed so that any attempt at modulation will be disrupted.
In the second case, if the graphical objects are sparse and they manage to activate lower priority print modes than the one used by the rectangles, such as normal text, the rectangles will effectively define the speed of the printhead and paper displacements. But depending on how much of a page’s width the text covers, it may still add a small offset on the printhead’s travel time within a given horizontal space, especially if the rectangle’s width is smaller than the text’s overall width. Returning to the previous example with the two vertically stacked rectangles of different width, if we now overlay some text on that same page, we can observe that if the width of the bigger rectangle is greater than the text’s overall width, then the printhead still needs to go all the way up to the other side of the rectangle, thus preserving the time delay observed in the example before. If the smaller rectangle is of less width than the text, the printhead still needs to travel until the end of the text block, but as the text does not need that much ink, the printhead will pass more rapidly than if it were part of the rectangle, resulting in a small added delay. This means that changing the rectangle’s width, even if it is smaller than the text’s overall width, will still have an effect on the printhead’s travel time.
Overall, this is the intuition behind printer modulation, although there are some caveats with particular printers, as explored in Section 5.
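As an added example (not code from the paper), the following defender-side check looks for the structure this subsection describes, stacked bands of near-white yellow whose widths differ, in a page rendered before it reaches the printer. The color thresholds, the minimum band size, and the sample rasters are constructed assumptions, and the page is assumed to be available as rows of RGB tuples.

```python
# Added example: thresholds and the sample pages are constructed, not taken from the paper.
W, T, K = (255, 255, 255), (255, 255, 240), (0, 0, 0)   # white, assumed tint, text ink

def is_faint_yellow(px, min_rg=250, min_b=225, max_b=252):
    """Near-white pixel whose blue channel is slightly depressed (a light yellow tint)."""
    r, g, b = px
    return r >= min_rg and g >= min_rg and min_b <= b <= max_b

def tint_extent(row):
    """Distance from the left edge to the last tinted pixel; sparse text on top does not shrink it."""
    return max((x + 1 for x, px in enumerate(row) if is_faint_yellow(px)), default=0)

def find_tinted_bands(raster, min_height=3, min_width=4):
    """Group consecutive rows of equal tint extent into (top, height, width) bands."""
    bands, start, width = [], 0, None
    for y, row in enumerate(list(raster) + [[]]):     # empty sentinel row closes the last band
        w = tint_extent(row)
        if w != width:
            if width is not None and width >= min_width and y - start >= min_height:
                bands.append((start, y - start, width))
            start, width = y, w
    return bands

def looks_modulated(raster, min_bands=2):
    """Suspicious when several tinted bands are stacked and their widths differ."""
    bands = find_tinted_bands(raster)
    return len(bands) >= min_bands and len({w for _, _, w in bands}) > 1

def row(tinted, ink=(), page_width=12):
    """Build one constructed raster row: `tinted` tinted pixels from the left, ink on top."""
    r = [T] * tinted + [W] * (page_width - tinted)
    for x in ink:
        r[x] = K
    return r

# Constructed pages: two stacked bands with text over the first, and a text-only page.
PAGE = [row(0)] * 2 + [row(6), row(6, ink=(2, 3)), row(6)] + [row(10)] * 3 + [row(0)] * 2
PLAIN = [row(0), row(0, ink=(1, 2, 5)), row(0)] * 3

if __name__ == "__main__":
    print(find_tinted_bands(PAGE), looks_modulated(PAGE), looks_modulated(PLAIN))
```

A uniformly tinted page yields a single band and is not flagged; only a change of width between stacked bands is treated as a modulation signature.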
4.4 Infecting the Linux Printer Subsystem
In Linux and macOS operating systems, the Common Unix Printing System (CUPS) is the current software tasked with managing the interface between the user’s computer and its printers. CUPS uses the PostScript Printer Definition file format (PPD) to describe printers’ configuration, and a series of filters translate documents being sent to the printer into a final format understandable to it. Back-end filters are the endpoints of this chain of filters, whose purpose is sending the data directly to the printers, while other filters perform document format conversions and rasterization. The filters that end up being used are generally determined by the document’s MIME format: the list of formats is defined in the configuration file mime.types, and the particular chain of filters assigned to each file format is described in the configuration file mime.convs. The CUPS standard print job transfer format changed from PostScript to Portable Document Format (PDF) in 2006, so now all important applications send print jobs in that format [33]. Consequently, our attack is designed to inject the imperceptible patterns into PDF files. PDF became standardized as ISO 32000-1 with version 1.7 in 2008 [2]: it is a device- and resolution-independent file format, with a structured hierarchy of objects that organizes each page’s content. These features make PDF files perfect for our attack, which requires injecting specific patterns at certain pages in a consistent manner.
In our attack model, the malware with necessary privileges will convert the data bits to exfiltrate into a series of patterns to be injected into the documents whenever they are sent by the user’s machine to the inkjet printer. By intercepting the documents before they are processed by the printer’s driver or subsequent filters, we can succeed in injecting the patterns. This can be done on CUPS by adding a malicious filter at the beginning of the filter chain used to process documents sent to the printer, or by creating a wrapper for one of the existing filters so that it first calls our malicious code and then executes the original intended code. For example, in the former case, to add a malicious filter at the beginning of the filter chain, one can edit the mime.types file so as to create a new MIME type paired with PDF files, removing the original pairing expression from the PDF MIME type. One can then link the malicious filter with the new MIME type by including it in the file mime.convs, specifying the malicious filter’s ending format as the original PDF MIME type so that the document continues through the normal filter chain. By having control of a CUPS filter, we can not only inject the patterns into the document, but also include a series of checks to ensure the document is in the appropriate format—for example, we check if images are present in the document and ignore the pages where those are.
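The re-pairing described above leaves a recognizable trace in the two configuration files, which the following added example (not code from the paper) audits for: a non-PDF MIME type that claims PDF input, a PDF type stripped of its matching rule, and a conversion from the former into the latter. The sample file contents are constructed, `application/x-prepdf` and `prefilter` are hypothetical names, and the baseline of known filters is assumed to come from a trusted installation.

```python
import re

PDF_TYPE = "application/pdf"

def _fields(text):
    """Yield whitespace-split fields of each non-comment line (backslash continuations joined)."""
    for line in text.replace("\\\n", " ").splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            yield line.split()

def claims_pdf(rules):
    """True when a mime.types rule set matches PDF input: 'pdf' extension or %PDF magic."""
    return bool(re.search(r"(^|\s)pdf(\s|$)", rules)) or "%PDF" in rules

def audit(types_text, convs_text, known_filters):
    """Return findings for the re-pairing of PDF files described in Section 4.4."""
    types = {f[0]: " ".join(f[1:]) for f in _fields(types_text)}
    findings = []
    takers = sorted(t for t, r in types.items() if t != PDF_TYPE and claims_pdf(r))
    findings += [f"mime.types: {t} is paired with PDF files" for t in takers]
    if not claims_pdf(types.get(PDF_TYPE, "")):
        findings.append(f"mime.types: {PDF_TYPE} no longer matches PDF files")
    for f in _fields(convs_text):
        if len(f) < 4:
            continue
        src, dst, prog = f[0], f[1], f[3]       # fields: source, destination, cost, filter
        if src in takers and dst == PDF_TYPE:
            findings.append(f"mime.convs: {src} -> {dst} via {prog} runs before the normal chain")
        elif prog not in known_filters:
            findings.append(f"mime.convs: filter {prog} is not in the baseline")
    return findings

# Constructed samples; application/x-prepdf and prefilter are hypothetical names.
CLEAN_TYPES = r"""
application/pdf pdf regex(0,^[\n\r]*%PDF)
application/vnd.cups-pdf
"""
CLEAN_CONVS = "application/pdf application/vnd.cups-pdf 66 pdftopdf\n"
BAD_TYPES = r"""
application/pdf
application/x-prepdf pdf regex(0,^[\n\r]*%PDF)
application/vnd.cups-pdf
"""
BAD_CONVS = "application/x-prepdf application/pdf 0 prefilter\n" + CLEAN_CONVS

if __name__ == "__main__":
    for finding in audit(BAD_TYPES, BAD_CONVS, known_filters={"pdftopdf"}):
        print(finding)
```

The wrapper variant leaves both files untouched, so it needs a separate integrity check of the filter executables against the installed package's checksums.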