Forgot your password?
typodupeerror
Bug Hardware IT

Xerox Confirms To David Kriesel Number Mangling Occuring On Factory Settings 163

Posted by timothy
from the try-copying-20-or-30-times dept.
An anonymous reader writes with a followup to last week's report that certain Xerox scanners and copiers could alter numbers as they scanned documents: "In the second Xerox press statement, Rick Dastin, Vice President at Xerox Corporation, stated: 'You will not see a character substitution issue when scanning with the factory default settings.' In contrast, David Kriesel, who brought up the issue in the first place, was able to replicate the issue with the very same factory settings. This might be a serious problem now. Not only does the problem occur using default settings and everyone may be affected, additionally, their press statements may have misled customers. Xerox replicated the issue by following Kriesel's instructions, later confirming it to Kriesel. Whole image segments seem to be copied around the scanned data. There is also a new Xerox statement out now." Swapping numbers while copying may seem like bizarre behavior for a copier, but In comments on the previous posting, several readers pointed out that Xerox was aware of the problem, and acknowledged it in the machine's documentation; the software updates promised should be welcome news to anyone who expects a copier to faithfully reproduce important numbers.
This discussion has been archived. No new comments can be posted.

Xerox Confirms To David Kriesel Number Mangling Occuring On Factory Settings

Comments Filter:
  • by Anonymous Coward

    The old analog process never had this problem.

    • by phrostie (121428)

      this could really suck if you are copying documentation for a critial process.
      medical, aerospace, building construction,,,

  • by fustakrakich (1673220) on Saturday August 10, 2013 @09:34AM (#44530135) Journal

    69 dude!

    Now if 6 turned out to be 9,
    I don't mind, I don't mind, ...if all the hippies cut off all their hair,
    I don't care, I don't care.
    Dig, 'cos I got my own world to live through
    And I ain't gonna copy you.

  • What???? A copier changes numbers? A copier is supposed to copy.
    • Re:My reaction: (Score:5, Informative)

      by squiggleslash (241428) on Saturday August 10, 2013 @02:51PM (#44532049) Homepage Journal
      It's the scanner bit. Basically it applies a heavy amount of compression to the final result by looking for blocks that match and duplicating them. Which is all fine until the copier sees what it thinks is a 0 but is actually an 8.
      • It's the scanner bit. Basically it applies a heavy amount of compression to the final result by looking for blocks that match and duplicating them. Which is all fine until the copier sees what it thinks is a 0 but is actually an 8.

        This is informative.

    • by mestar (121800)

      What, an article about a copier that changes numbers, yet no picture zoomed on the before/after numbers? WTF?

  • Am I the only one who finds this truly frightning; that the photocopier has a bug in a sub system that is basically reading the content of the documents being photocopied? I didn't even know photocopiers did this normally. This is another prime example of how organizations like the NSA can theoretically get their fingers into cracks we didn't even know existed. I would never have thought that something I photocopy could be intercepted, but apparently it can. The bug part of this issue is just a small thing
    • Am I the only one who finds this truly frightning; that the photocopier has a bug in a sub system that is basically reading the content of the documents being photocopied?

      Lose the tinfoil. The copier isn't "reading" the document, it's simply compressing the document and storing it. The compression-method works by splitting the document into lots of smaller rectangles, then trying to find rectangles that look similar and then only storing the one, single rectangle and just copying that to the other areas when decompressing.

      • by HWguy (147772)

        I'm not sure he should lose the tinfoil. Perhaps still crinkle it in his hands. People are retrieving documents from the copier storage. Considering how often security holes are found in networked devices, it isn't outside the bounds of believability that someone could read copied documents.

        (PDF) http://www.willassen.no/svein/pub/copier-en.pdf

        • People are retrieving documents from the copier storage.

          Oh, I know. Industry spies and hackers often try to acquire used copiers exactly with the hopes that the seller forgot to empty the storage medium. The documents stored can be worth tens of thousands of bucks in the right hands. Alas, that's a completely separate issue from what the OP was complaining about.

      • Am I the only one who finds this truly frightning; that the photocopier has a bug in a sub system that is basically reading the content of the documents being photocopied?

        Yes, you should find that frightening. That's not new, though, pretty much all photocopiers these days don't actually "photocopy" the document, they scan it to memory and then print the scan. Your documents are saved to memory on the photocopier. Yep, that's a security flaw.

        http://www.thedailygreen.com/environmental-news/latest/digital-copier-security-461009 [thedailygreen.com]
        http://www.cbsnews.com/8301-18563_162-6412439.html [cbsnews.com]
        http://message.snopes.com/showthread.php?t=60313 [snopes.com]

        • by countach (534280)

          It's not the scanning to memory bit that's frightening. It's the "compression" bit that's frightening. And it's a tad surprising I think to most people the way it compresses. Maybe not quite as surprising for computer programmers, but I'd bet that even us wouldn't have exactly imagined this possibility.

      • Actually, the CIA did bug copiers for a while. This exploit has nothing to do with that kind of exploit.
    • by Anonymous Coward

      You can set it to OCR your document but that is not the problem described here.

      What is happening here is the image compression that is done, which compares pieces of the image together, when it find something that looks similar enough it only stores one of those pieces and duplicates the rest. An 8 and a 6 look alike enough for the compression algorithm to only store the image of a 8 once, en copy it anywhere it finds an 8 and a 6. It will also happen with other shapes, like symbols on a construction drawin

      • by Anonymous Coward
        Interesting. At work we have hundreds of the affected workcenter machines. When the story first broke, we asked Xerox about it and were given a statement that said that users would have to change the settings to non-default settings and that this same thing affected all copiers from all vendors. I didn't believe it at the time, but of course that was enough for management to think the issue was trivial and not going to affect us.
      • by rnturn (11092)

        We used Xerox WorkCentre copiers heavily where I used to work, using them to scan/transmit change documents back and forth for signatures before doing anything to FDA validated systems. And the folks at work used to wonder why I would always set the image quality to the highest setting -- something like "SuperFine" -- before pressing "Send" (and then requesting others to do the same). I always did it because I hated trying to read the blurry quality you got from "Normal" ("Low" was not even an option for me

  • by Shavano (2541114) on Saturday August 10, 2013 @09:58AM (#44530253)

    The potential for damage with this kind of error almost can't be overstated. Besides errors in billing, construction, manufacture or products, medicine dosages, etc. already outlined, there are other likely problems:

    Publications may contain wrong data.

    Scientific conclusions may be based on wrong data.

    Government policy may be based on wrong data.

    Money may go to wrong accounts or be taken from wrong accounts.

    You think you paid your taxes? The government may not agree.

    • The potential for damage with this kind of error almost can't be overstated. ...

      You think you paid your taxes? The government may not agree.

      Exactly. I photocopy a lot of documents and put them in my files to substantiate finances. So, the numbers may have been changed and my photocopies aren't accurate.

      • by mrbester (200927)

        Doesn't this therefore render the copier as "unfit for purpose" and you can get a refund? The whole point of copiers is to make copies. The average user doesn't care how it does it, only that it does what the sales blurb says it does.

        In any case, who would buy a copier knowing it doesn't actually copy? You wouldn't buy a phone that can't make calls until it gets a software update.

        • Doesn't this therefore render the copier as "unfit for purpose" and you can get a refund?

          I doubt it as the work-around is so easy: just change quality-settings from normal to high and the problem disappears. The factory default settings are obviously bad, but since the settings can be changed so easily I don't think it qualifies for the "unfit for purpose" - claim.

          • by the_other_chewey (1119125) on Saturday August 10, 2013 @11:44AM (#44530815)

            Doesn't this therefore render the copier as "unfit for purpose" and you can get a refund?

            I doubt it as the work-around is so easy: just change quality-settings from normal to high and the problem disappears. The factory default settings are obviously bad, but since the settings can be changed so easily I don't think it qualifies for the "unfit for purpose" - claim.

            You misunderstood the new findings:

            • - "high" is the factory setting
            • - it still replaces numbers
        • Doesn't this therefore render the copier as "unfit for purpose" and you can get a refund? The whole point of copiers is to make copies. The average user doesn't care how it does it, only that it does what the sales blurb says it does.

          In any case, who would buy a copier knowing it doesn't actually copy? You wouldn't buy a phone that can't make calls until it gets a software update.

          At the very least it warrants a "YOU HAD ONE JOB" meme pic featuring a xerox copier.

          • by Macgrrl (762836)

            Anticipating a WOOSH, but Xerox haven't made 'Copiers' for a long time now. They make Multi Function Devices (MFDs), so by very definition, they have more than one job.

            • Anticipating a WOOSH, but Xerox haven't made 'Copiers' for a long time now. They make Multi Function Devices (MFDs), so by very definition, they have more than one job.

              good point...

              and ...

              whoosh!

        • by Shavano (2541114)
          Damn right it does. The problem is there are a lot of these copiers already in use and we don't know how long the defects pointed out have been in Xerox machines.
    • by stenvar (2789879)

      The potential for damage with this kind of error almost can't be overstated

      Yes, it can be overstated. Normal sized print will not get altered by these compression algorithms. Substitutions only occur in data that a human would have trouble reading reliably to begin with. That kind of poor photocopy should never be used for any kind of important task, no matter what.

      ... may contain wrong data.

      They always "may contain wrong data", that's why you need to triple-check and verify for anything that matters.

    • by lgw (121541)

      Government policy may be based on wrong data.

      Ahahaha - government policy based on data. Nice one.

    • by hurfy (735314)

      and apparently every assembly manual for chinese products or Ikea furniture was produced on these machines....

      • by Shavano (2541114)
        I wouldn't know. Things I buy from China come preassembled and I'd never buy anything from Ikea.
  • Time to buy a Ricoh.

    At least they don't monkey with the compression to the level it actually distorts the image.

  • Back when I saw the first scanner based copiers roll out I'd thought we see something similar to this happen. Whenever you eliminate the analog signal path it becomes much easier to corrupt the thing in unnoticeable ways, even unintentionally! It's clearly the way to go, because of how much complexity it removes, but as soon as you start storing data on a medium and read it back you start having these problems, it only gets worse as you try and conserve that storage medium with compression or other tricks/h
  • by NewView (1088905) on Saturday August 10, 2013 @10:48AM (#44530493)
    Coming soon ... Xerox voting machines.
  • by swampfriend (2629073) on Saturday August 10, 2013 @11:19AM (#44530661)

    They meant to admit this to the public last week, but their press release got its letters changed around for some reason...

  • Say goodby to Xerox (Score:5, Interesting)

    by Steve1952 (651150) on Saturday August 10, 2013 @11:28AM (#44530721)
    At the federal level, our entire legal system is based on the concept that a machine copy of a document is as good as the original. In addition to all the other problems pointed out by other readers -- engineering errors, medical errors, financial errors, this type of error also greatly harms our legal system as well. A problem since the legal system is essentially the operating system for our society. I don't see how Xerox is going to survive the wave of lawsuits that is going to follow. They need to immediately warn everyone to stop using their systems, and then recall all affected units. Going forward, I suspect that the name "Xerox" will now mean: "to mangle or randomly distort".
  • Numbers are the bedrock of the capitalist regime. They are sacred. Do not transform them when copying them. Better to mangle words cause we all know they have semiotic plasticity anyway. But for the love of the capitalism and all it portends, please keep the numbers pure. That is all.
    • by TrentC (11023)

      Numbers are the bedrock of the capitalist regime. They are sacred. Do not transform them when copying them. Better to mangle words cause we all know they have semiotic plasticity anyway. But for the love of the capitalism and all it portends, please keep the numbers pure. That is all.

      Science and engineering rely on the numbers being "pure" too, jackass. It's not always about money.

      I prefer to not be injured or killed because altered numbers mean a structure is unstable, or that I get an incorrect dosage of medication.

  • I expect a copier to copy an image of the page, not to perform an OCR scan and reprint it.

    What's next? An NSA back door so the scanned text can be fired off to the US spy network?

  • The copiers are failing to copy numerals properly.

  • by Colin Douglas Howell (670559) on Saturday August 10, 2013 @01:02PM (#44531341)
    An earlier blog posting from Kriesel on this issue says that a reader reported similar behavior from a Brother copier:

    http://www.dkriesel.com/en/blog/2013/0808_number_mangling_not_a_xerox-only_issue [dkriesel.com]

    And one of the comments to that posting says:

    I have experimented with the open source jbig2enc library available at http://github.com/agl/jbig2enc [github.com], which has a encoding parameter called the “threshold”, described like this:

    “sets the fraction of pixels which have to match in order for two symbols to be classed the same. This isn't strictly true, as there are other tests as well, but increasing this will generally increase the number of symbol classes”

    The included command tool accepts values for this parameter between 0.4 and 0.9, with 0.85 as the default.

    I have found replaced digits in single-page numerical tables encoded with this parameter set as high as 0.82. As with the other examples you have found, the errors are not in any ways obvious to the eye which is, of course, the real problem.

    Since JBIG2 has been supported in PDF since 2001, it would be surprising if only Xerox have fallen into this trap.

  • Just as well for Rick, he outsourced this work to HCL. They'll clean up the mess left by those lazy, grasping American engineers in no time at all!

  • The fact that this is even POSSIBLE makes me worry that there's covert firmware deliberately tampering with things.

    First of all, how does it even know what a number *looks like*?

    And how the hell does it SWAP numbers?

    I've never known decompression artifacts to do that. It's just plain loony.

    Something seems decidedly fishy here.

    • by swalve (1980968)
      The compression algorithm slices the document into blocks, and stores each block once. If another part of the document uses a block of data that is identical to another one already in memory, it just has to store a pointer to the first one, not the whole block of data. If you set the function that compares blocks from "identical" to "good enough", that's how you get these errors.

      Simple example: fonts. You have a 8.5 x 11 sheet of paper @ 300 dpi. 90,000 dots per square inch, and 8,415,000 dots per page
  • Yes, faxes? Remember them?
    They're still widely used in many industries today. In fact, I applied for an Apple Developer account in a company name not too long ago and, unlike with an individual account, there is some paperwork involved that Apple insist must be faxed to them. Apparently it's more secure. Anyway, I'm not ranting about that issue today, but more the widespread use of faxes in the area of Law.

    Lawyers love faxes. They fax everything they can. A lot of them are using email more and more these da

The only thing cheaper than hardware is talk.

Working...