Jumping Air Gaps with All-in-One Printers

Last week, Adi Shamir gave a presentation at Black Hat Europe on using all-in-one printers to control computers on the other side of air gaps. There’s no paper yet, but two publications reported on the talk:

Theoretically, if a malicious program is installed on an air-gapped computer by an unsuspecting user via, say, a USB thumb drive, attackers should have a hard time controlling the malicious program or stealing data through it because there is no Internet connection.

But the researchers found that if a multifunction printer is attached to such a computer, attackers could issue commands to a malicious program running on it by flashing visible or infrared light at the scanner lid when open.


The researchers observed that if a source of light is pointed repeatedly at the white coating on the inside of the scanner’s lid during a scanning operation, the resulting image will have a series of white lines on darker background. Those lines correspond to the pulses of light hitting the lid and their thickness depends on the duration of the pulses, Shamir explained.

Using this observation the researchers developed Morse code that can be used to send pulses of light at different intervals and interpret the resulting lines as binary data­1s and 0s. Malware running on an air-gapped system could be programmed to initiate a scanning operation at a certain time—for example, during the night—and then interpret the commands sent by attackers using the technique from far away.

Shamir estimated that several hundred bits of data can be sent during a single scan. That’s enough to send small commands that can activate various functionality built into the malware.

This technique can be used to send commands into an air-gapped computer network, and to exfiltrate data from that network.

Posted on October 22, 2014 at 2:17 PM43 Comments


Carl "Bear" Bussjaeger October 22, 2014 2:43 PM

Unless they want to upgrade to a High Energy Laser, it sounds like they need a window. I guess my old mil security experience is outdated, because back then, our secure systems were supposed to be in windowless areas.

There’s still the matter of infecting the printer and getting it into the facility. But if someone infiltrated a factory and implanted the software at the source in every combo printer leaving the factory, I suppose eventually one would make it somewhere interesting.

Ryan October 22, 2014 2:51 PM


My understanding is that they only need to infect the computer, not the scanner. The computer would initiate a scan as normal, and then examine the resulting scan for those light bands.

Bill Ricker October 22, 2014 3:43 PM

wouldn’t the WiFi connection in the all-in-one printer be a better bypass?

(re milspec: not all airgaps are mil/community bunker. E.g. civilians un-jacking and booting TAILS.)

Chelloveck October 22, 2014 4:07 PM

So you need to install malware on the airgapped computer, get remote control over a lamp within sight of the scanner, and manage to sync the light flashing with the start of the scan process so the two events overlap enough to get your message across. This is a hack that would make even MacGyver say, “Maybe we should try something a little more straightforward.”

Naturally I expect this to be used in an upcoming episode of Scorpion, with the lamp being the main room lighting which is controlled by toggling the mains via an Arduino alligator-clipped to the lobby thermostat which means, of course, that it’s capable of running the entire building’s HVAC system.

SaltFace October 22, 2014 5:46 PM

That’s fairly Rube Goldberg-esque. I thought this was going to be about attacking through the built-in WiFi connection that’s so prevalent on all-in-ones these days.

Nick P October 22, 2014 6:35 PM

@ SaltFace

“That sounds like great idea. I mean, we already have the tools for it. Why not use them that way.”
– NSA program manager reading this blog

Figureitout October 22, 2014 7:14 PM

–Yeah that was my initial thought. I was amazed my school left wireless on printers, why?! Also recently saw some sketch guy charging his phone on the printer PC USB port…just dude c’mon…dumbass there’s AC outlets all over and he probably transferred some malware I hope my school caught.

Onto this attack, goddamnit Shamir and Bruce, making me nervous. Props on the Morse code though lol! Nice hack.

Grauhut October 22, 2014 8:20 PM

@Chelloveck: We could also try to trigger brown outs in order to send some morse code over the power line and atx PWR_OK into a computer! 🙂

Thoth October 22, 2014 9:54 PM

@Nick P
I wouldn’t be surprise NSA and other TLA managers are monitoring this blog not just to figure out our relationships but also to get some ideas and comments for their own use.

If the air-gap computer is going to be used for sensitive stuff, why not just isolate the sensitive computer in it’s own physical and logical environment. This will provide much higher degree of assurance. No cellphones, no cameras, no printers, no audio …etc …

An air-gap secure computer should have as little functions to disallow exfiltration and as limited as possible as using an air-gap (not ethernet/wifi/bluetooth/tethered) does not mean it cannot be accessed.

If media is required (audio/video), then at that point in time you should load the media cards and devices and after use, remove them.

For LEDs, the main processing logic should not have direct control to prevent LED/light based exflitration.

Buck October 22, 2014 10:20 PM


And how are you to get data to and from such an isolated system? Rote memorization and typing on a silent keyboard!? Crap!! I was thinking a printer scanner combo would be much preferable to USB… Guess I’ll have to build that data diode after all 😛

In general, it’s not that clear to me what this has to do with all-in-one printers… Seems like only the scanner’s function is being utilized here..?

Thoth October 23, 2014 12:07 AM

Nick P and me have discussed about using high assurance security form of air-gap systems in this blog before. Nick P and me have proposed a few of such systems.

I will assume the heavily secured air-gap computer system I proposed above as a secure HSM which does cryptographic operations and can be linked to a data-diode + mailing / message processing system.

You would need to plan out your security and for a HSM where sensitive cryptographic operations are performed, it deserves such heavy protection. For key loaidng of HSM root keys and raw keys, you would be better off typing the hex bytes by hand than to trust some random keyboards (unless you can make a trusted keyboard yourself).

Thoth October 23, 2014 12:09 AM

For key loaidng of HSM root keys and raw keys, you would be better off typing the hex bytes by hand than to trust some random keyboards (unless you can make a trusted keyboard yourself).

For key loaidng of HSM root keys and raw keys, you would be better off typing the hex bytes by hand than to trust some random computers (unless you can make a trusted computer yourself).

Buck October 23, 2014 1:02 AM


Given your comments regarding life in Singapore posted here:


I would certainly expect that these constraints would prove your mitigations to be mostly ineffective against state level attackers…

How are you to install a generator or solar panels for such an apartment complex? Perhaps you could rent a separate apartment for your air-gap, but it seems as though you’ll still have to deal with that ubiquitous video surveillance.

Good luck madam/sir!

While we’re (apparently) less legally constrained in the United States, few of us have resources available for our own independent power sources…

Batteries could possibly suffice, but the charge cycles will probably only lead to more questions; especially in light of the last three paragraphs of your comment here:


Waelg October 23, 2014 1:21 AM

Clever attack I think. It would be far more impressive if the malware were installed on the air-gapped device using this technique. Otherwise, I would ask how was the air-gapped device infected with the decoding malware… Almost reminds me of the BadBIOS sound infection discussion… Light and sound are now transport attack channels. What’s next in research? How to infect an air gapped device with a magnet? Not far fetched, if you ask me! Good thing no one can modulate gravity! Lol…

Re Errata:

For key loaidng of HSM root keys and raw keys

They say: Third time’s a charm 🙂

Andrew_K October 23, 2014 1:29 AM

@ Nick P, Thoth
It would be careless not to monitor this blog. The average knowledge regarding SIGINT, HUMINT, OPSEC found here is significantly high compared with other blogs… or Facebook. And they do monitor Facebook for Open Source Intelligence. It would be absolutely careless not to monitor this blog and to have a who-is-who of us. At least in terms of IP-adresses and their association. Maybe they are also searching for own employees who write here (and should not).

Anyway, the idea of the scanner bridging a gap seems a little bit too esoteric for practical use to me. Even if it works, it’s just one way communication in the first place (tough the idea of bidirectional communication with two scanners next to each other is kind of hilarious). If I would set up an air gapped machine, I would restrict it’s periphery to absolute needed minimum. And I would power it off (unplugging it), when I do not need it. That is, when I am not using it. That is, when this bridging could happen.
Moreover, the sender has a syncinc problem as Chelloveck pointed out. I add, that it also features the risk of being detected. As Carl “Baer” Bussjaeger implied, you probably need more light than any of the LEDs on a computer may provide. Flashing the whole screen or using the house installation bus would work but are likly to be seen by humans. Infrared won’t do the trick, too — since we are surrounded nowerdays by CCDs in our smartphones which will make the infrared flashes visible. Aside, with Infrared you still have the problem of a suitable sending device within reach of the scanner.

But I have to end with Nick P:
From an agency’s perspective — if it might work, give it a shot. Worst thing that can happen (aside from not working) is discovery. When someone discovers, it was a virus, malware, program mistake.

Wael October 23, 2014 1:30 AM

That was me (Waelg) — I made a mistake in my name! Serves me right, how ironic!!!

Using a solar cell for an air-gapped computer maybe a bad idea! Light can be modulated to transmit commands to the air gapped computer until it finds a printer 🙂 good thing the solar cell is only a receiver of light 😉

Buck October 23, 2014 1:42 AM


Ha! I was about to say… Especially after your spelling nazism! 😉

Though, that’s a great point about the solar cells, especially since that’s exactly what we’re talking about here! I suppose I hadn’t considered that fully yet…


Good thing no one can modulate gravity

How can you be so sure..? 😛

Wael October 23, 2014 2:08 AM

If gravity could be modulated, we would surely have heard of it. Past experiments with gravity “shields” we’re at best inconclusive. Search for gravitons and anti-gravity…

To extrapolate, any controlled changes in the environment can be used as a channel of command and control to an air-gapped device. Heat, light, sound, and something that resembles “gravity changes” could be vibration… Put a vibrating machine on a pillar of a building to cause some sensor in an air gapped device to receive and transmit information through vibration. May need to add a sensor to the device, or use an existing one; gyroscope, compass (hall-effect device), accelerometer, etc…

Speaking of Hall effect devices, a magnet can be used to transmit the code to the hosting computer. Seems like air-gapped computers need to be vacuum gapped, magnetically gapped, heat gapped (hosted in a thermose), vibration gapped (floating in air)… And most importantly, the operator has to be head gapped as well (wearing a tinfoil hat)…

Thoth October 23, 2014 2:14 AM

Thanks 🙂

If you are going against an APT attack from state actors, you probably will have to find some better ideas like building your mechanisms from total scratch. The context is to prevent sensitive operations leaked via LED exfiltration techniques which the best counter is to not all the logical operation components to directly access any light transmitting source. Another added point I mention is to remove unwanted components you are not using. Again, a good start off point is the open hardware stuff like Raspberry Pi (RPi) and the sorts. You have almost bare bones components with a couple of LEDs.

You don’t have microphone nor speakers connected on the open hardware devices (RPi and the sorts) which already helped with the elimination of audio-based exfiltration. There is no screen so you got to do SSH which is a tradeoff unless you want to manually manage the device and plug in a monitor for management.

Can it be secure and whatever-proof as it claims ? I think these concepts are attempting to be resistance but not proof of infiltration and exfiltration.

It is not perfect but it can be secured to a pretty decent range of attacks though.

Clive Robinson October 23, 2014 4:32 AM

With regards “gravity” of course you can modulate it, just move one mass with respect to another, what do you think causes the tides? Modulating it is not the problem, –though it does require a lot of energy– getting it to radiate is the problem.

However moving mass can cause signals to radiate in a different form,

Back in the 1970s a prof designed and built an incredably sensitive pendulum that acted as the middle plate in a three plate “butterfly” variable capacitor. So sensitive was this device, not only could it detect the moons movment but also the foot falls of the night watchman walking across the ten foot thick reinforced concrete floor. The detection mechanism was not of vibration or gravity but simply by the bending or tilting of the concrete floor with respect to the earth’s center.

Shannon channels exist as a conciquence of forces, thus any where a force can act and have information impressed upon it in some way –ie be modulated– then communication is possible. To think otherwise would be “not logical” 😉

Oh and if you think back a longish time ago Bruce blogged about the release of some NSA documents to do with EmSec under FOI. The documents were still redacted but one block contained an unredacted initial sentece that contained the word “gravity”….

Clive Robinson October 23, 2014 4:39 AM

@ Wael,

With regards,

Speaking of Hall effect devices

Tut tut tut, you should know by know that on this blog we speak of “SQUID devices”. Write out one hundred times “I must….” 😉

Andrew_K October 23, 2014 5:42 AM

@ Clive Robinson, re the referenced pendulum experiment

Maybe I got it wrong, but I do not understand how the tilting of the floor is different from vibration — especially if you reference foot falls.
In my understanding, he built a giant open condenser microphone with maxium sensitivity for very low frequencies. I regret not spending more attention to physics — but how is in this case the force originating from a change in gravity differentiated from the forces caused by inertia?

RonK October 23, 2014 6:37 AM

@ Grauhut: “…trigger brown outs in order to send…”

You joke, but most computers do log power outages / reboot times, so this could be used by an attacker having control over the computer’s source of power to send extremely-low-bandwidth messages.

Nick P October 23, 2014 8:03 AM

@ Wael

But what about the alternative energy scene’s many gravity manipulating inventions? And electrogravitic communications? What if even one isn’t totally full of shit? :O

Note: There was a document released from a think tank that showed all the major defense contractors had an antigravity research program at one point, with many having prototypes. And then we hear nothing. I found that interesting.

@ Clive

Interesting device. And this…

“Bruce blogged about the release of some NSA documents to do with EmSec under FOI. The documents were still redacted but one block contained an unredacted initial sentece that contained the word “gravity”….”

I missed entirely. You got a link to that?

Note: Now I’m thinking I shouldn’t have posted my link on neutrino-based covert communication. Give them some time and the assholes will turn it into an active EMSEC attack.

Clive Robinson October 23, 2014 9:04 AM

@ Andrew_K,

With regards,

Maybe I got it wrong, but I do not understand how the tilting of the floor is different from vibration — especially if you reference foot falls.

Vibration is primarily an oscillation effect, where the wavelength is considerably less than the effective physical dimensions of the object. Often it happens, because on some much lower level within the object it is compressable and can store energy in the compression that reradiates on decompression and thus gets transported through the object (think of knocking on pipes / bars).

Bending an object is non oscillatory in nature, it simultaniously compresses and tensions in the same axis of the object, provided the force applied remains within the objects plastic limit in that axis the object does not permanently deform. Like a bow or ruler twanged on a desk edge the object may resonate at one of it’s natural frequencies based on it’s gross physical dimentions if the force is released faster than the stored energy can be released.

Tilting an object is a non oscillatory effect involving the movment of the object and does not involve storing energy in the object, the object its self does not change in any way it only changes it’s relative position with respect to external objects.

The pendulum although acting as a three terminal capacitor was not being used to measure oscilations but the actual movment of the object with respect to the axis to the center of the earth. This occured because the ratio of the two capacitor halves is directly proportional to the tilt or bend of the floor and thus gives an ouput even when there is no movment or transfer of energy from the object to it.

The easiest way to imagine the device is to take a block of metal and make two cuts in at 45degrees to the surface to remove a 90 degree triangle of material that goes the full depth of the block. You end up with three pieces of metal the left hand 45 the right hand 45 and the 90 degree triangular wedge. If you mount the left and right hand 45s with a very small gap and then hang the wedge on the end of the pendulum with the 90 degree pointing down so it just sits in between the two 45s without touching them that is the three terminal capacitor. If the pendulum moves towards the left, the capcitor between the wedge and left hand 45 goes up whilst the capacitor in between the wedge and right hand 45 goes down.

If you use this setup as two arms of a bridge you can measure tilt, bend and some resonances of the object to just about any accuracy you want, limited only by the breakdown voltage of the caps and sensitivity of the bridge meter and external electrical noise.

Trip October 23, 2014 9:33 AM

There’s also the small detail that the pulsed light needs to be aimed at the white underside of the lid, which means that you have to talk someone into either scanning something with the lid open, or into leaving the lid up when they leave the secure area…

Clive Robinson October 23, 2014 10:10 AM

@ Nick P,

No I haven’t at the moment, it was quite a long time ago and pre the NSA voluntarily releasing large blocks of documents such as their in house magazines.

I initialy thought that the “gravity” aspect was to do with the detection and measurment of nuclear explosions, and remember laughing at the time. Because having read about the “congratulations it’s a boy” telegram over the detonation of the first fusion bomb sent by Edward Teller, who had by then been excluded from the project, and how he knew of the result by looking at a seismograph he had access to, I thought “that secret is already out, so why redact”…

What I had not considered at the time but have subsiquently thought about is that a very sensitve seismograph setup with good directionality and frequency response could pick out quite a few charecteristic “signitures” not unlike hunting submarines with acoustic arrays. It might for instance tell you the weight of the cargo on a C47 taking off or landing without you having to use cameras or shotgun mics that could be much more easily detected as they, unlike the seismograph would have to be visable “line of sight”. Likewise finding out what is going on in an underground bunker, or detecting people tunneling towards your underground assets such as comms cables. For every “wacky attack” the intel services think up, and tapping the East German phone cables by tunnelling from Berlin rates as one, there are people thinking up “how do we defend against this”, and what they can come up with can be just as wacky if not more so…

But traditional seismographs don’t actual measure gravity, they measure the equivalent of sound waves… so I’m having a rethink and head scratch… One such is using it like active sonar as a realy deep depth ground penetrating radar to find the likes of bunkers and tunnels or other voids but it still does not realy match “gravity”…

The problem with gravity is the “waves” require quadrapole resonators with a very great deal of energy input. For a bit of backround on gravity waves etc have a look at,


No Name October 23, 2014 11:49 AM

Some laptops got a photo diode to measure the environment light and adapt display brightness. If the photo diode is accessible by software (I’m quite sure it is) it could be used the same way as the scanner.

skeptical October 23, 2014 2:48 PM

The problem with this attack and similar ones is
IF #1 is true AND
IF #2 is true AND

IF #nnn is true…

Reality is different.

paul October 23, 2014 3:53 PM

For any air-gap-crossing situation where the recipient has already been corrupted, you don’t need a high-powered signal. You’ve got the whole $%#$%$ computer with billions of spare cycles of processing power to extract the signal bits from the noise. And for shortish messages you’ve got plenty of time as well. Maybe one scan wouldn’t give you a reliable result with three or four bottom bits of variation from the noise level, but a few dozen scans and the data start to add up. If the office in question is empty for 10-12 hours a day, no problem.

I wonder what data rate you could achieve by subverting a building’s ventilation system and then monitoring the CPU fan speed…

bob October 24, 2014 5:58 AM

People seem to be underestimating this threat.

Since BadUSB, we’re aware that any casually dropped USB key can infect every computer it touches and every USB device that computer touches. If it only infects USB devices, attacks are currently very hard to detect.

This massively increases the likelihood of any attack reaching an air-gapped printer. If said printer is exposed to a window, it can be remotely controlled by a USB laser pointer.

If it can be controlled, data can be intelligently exfiltrated. Eg:
. Next time you see something that looks like an address list, insert this address.
. Next time you print a document (perhaps with a given name / address / keyword), steganographically add data.

Lower level hacks could add a specific delay in between page scans (for the remote controller to remotely decode), activate wifi, dump a buffer moments before the “janitor” came in, etc, etc.

John Madden October 24, 2014 6:08 AM

I can’t wait to see what the NSA will come up with next. Smartphone LED flashes to attack printers? Positioning based on sun exposure? Flag-waving drones in front of our windows?

wumpus October 24, 2014 10:28 AM

These are the type of attacks that convince me that once you bother to air gap a system, you should be using extremely large keys. One time pads being the most obvious, but any system that used inputs (input data/cycled between keys/preferably with some sort of feedback loop) off a multi-gig USB stick would be a reasonable choice.

From memory, Bruce Schneier’s explanation of “why not use OTP” basically comes down to the assumption that our algorithms are strong but key management is weak. Against these attacks, simply making the key large enough to choke most available covert channels should be an improvement (even if the large key was largely generated by an algorithm with merely decently sized truly random data). The attacker’s “key management” isn’t all that strong, but strong enough for any typically sized (even multi-k RSA keys) keys.

Gopiballava October 24, 2014 1:32 PM

All this discussion of different ways to measure things reminded me of a paper I read about measuring water consumption in your house. Using a single pressure sensor. With proper analysis of the sensor output you can determine which valve is open and how much water is flowing through it:

To utilize that as a mechanism to exfiltrate data, you’d need to install malicious firmware on the automatic sink valve that is conveniently in the same room as the computer you’ve infected. Most of those valves use replaceable batteries. Modern batteries often have busses with serial number and battery info data. So, you find an exploit in the communication firmware of the device, install this exploit into a battery, get the battery installed in the valve, get the computer infected via USB, and then in the middle of the night the computer will blink and the faucet will modulate the water usage. In fact, you could probably even modulate that data during normal water usage – have it turn the water off and back on at varying intervals.

On a more serious note, many of these attacks look like they would require a lot of luck. There just happens to be the right equipment in the right place. it doesn’t have to be luck. Depending on the type of security at the facility, it might be a lot easier for a conspirator to get a scanner installed than to exfiltrate data themselves. Somebody who doesn’t normally get to access the computer with the important data might be able to make it happen. They could do it directly by asking for it, or indirectly by setting up some bureaucratic process that very strongly encourages scanners for transmitting documents.

Mark October 24, 2014 8:34 PM

Just a couple pages back, I read how helpless it is to close borders on transmittable threat. Over here I find the said topic more sincere.

Olaf October 27, 2014 7:31 AM

We plan to mitigate this risk by gluing 2lbs of lead to the edge of the scanner lid ensuring it slams down when unsupported.

We’ll put some razor blades along the edge to ensure no pesky fingers get in the way either.

DiabloHorn October 27, 2014 4:35 PM

This is a general attack that can be applied to more than just printers. You can apply this to almost all networks if none of the physical security guys are involved. I wrote about several ways to exfiltrate data from an air gapped network a while ago:


One of the easiest ways still remain to abuse the network card led to exfiltrate the data. Usually if a printer can be spotted from the outside so can the computer/laptop with the secret information on it.

Also from Schneier’s own blog (sniffing keyboards with lasers):


We’ll probably see some more forms of exfiltrating data this way in the near future when people realize they can point lasers at a lot of things and/or use light emitting surfaces to morse-code their way out of an network or abuse ultrasound.

C U Anon January 23, 2019 5:31 AM

@Ben Nassi:

You can find the full paper….

Behind an IEEE pay wall…

For which you need to have javascript on for various reasons, just to get the “sign in or purchase” sign or other warning information come up.

Like others I’m of the opinion that Pay Walls of this sort in the Scientific and Engineering communities are very bad news. Especially in the way that publishers have and in many cases still do extort the authors rights for nothing in return.

It’s one of the reasons I stopped paying the IEEE membership fees.

Oh and likewise javascript and all it’s nasties should never ever be compulsory, just to get even an error message. Such poor design does absolutly nothing positive for the IEEE’s image as representing a proffession where security is supposadly one of the things they encorage their membership to practice with good diligence…

JG4 January 23, 2019 6:00 AM

@CU Anon – You did a brilliant job of channeling Clive there. It wouldn’t be that difficult to write a filter that would use his characteristic phrasing and sprinkle in the trademark typos/mispellings. Over time, you could back out the a priori assumptions from his posts and add them to the dossiers that are maintained by various private and public sector groups.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.