Xerox rushes to patch number-swapping scanning flaw


Researchers have discovered a glitch affecting Xerox devices that causes numbers to be changed on scanned documents.

In a blog post, German technology researcher David Kriesel said certain members of Xerox's family of multi-functional devices, which can be used to scan, photocopy, print and fax documents, randomly alter written numbers on scanned pages.

Kriesel found a six would turn into an eight, and vice versa, with other numbers being changed too.

In one test, he reproduced building plans and spotted that one of the room dimensions had decreased from 21.11m to 14.13m.

These kinds of changes could put lives at risk, he claimed, as they could lead to patients being given the wrong dose of medicine or bridges being built with incorrect construction plans.

"This is not an OCR problem (as we switched off OCR on purpose), it is a lot worse: patches of the pixel data are randomly replaced in a very subtle and dangerous way," he said.

"The scanned images look correct at first glance, even though numbers may actually be incorrect."

He claims to have tested at least two different models (Xerox WorkCentre 7535 and 7556), which also exhibited the problem, but Xerox initially appeared to have no knowledge of the issue until it was flagged up.

Kriesel identified the problem in a compression algorithm, JBIG2.

He said: "In reality, there is often created a dictionary of image patches found to be 'similar'. Those patches then get reused instead of the original image data, as long as the error generated by them is not 'too high'.

"Anyone using those WorkCentres has to ask himself: how many incorrect documents (even though they look correct) did I produce during the last year by scanning with Xerox machines?"
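The patch reuse Kriesel describes, shown as an added Python example (not code from Kriesel, Xerox or any JBIG2 encoder): a dictionary-based compressor stores each image patch once and reuses a stored patch whenever the pixel error is within a threshold. The 5x7 digit bitmaps, the pixel-count error measure, the threshold values and all function names are assumptions constructed for illustration.

```python
# Constructed 5x7 bitmaps ('#' = black pixel); not taken from any real scan.
GLYPHS = {
    "6": (".###.", "#....", "#....", "####.", "#...#", "#...#", ".###."),
    "8": (".###.", "#...#", "#...#", ".###.", "#...#", "#...#", ".###."),
    "1": ("..#..", ".##..", "..#..", "..#..", "..#..", "..#..", ".###."),
}

def distance(a, b):
    """Number of pixels that differ between two equally sized patches."""
    return sum(pa != pb for ra, rb in zip(a, b) for pa, pb in zip(ra, rb))

def compress(patches, max_error):
    """Store each patch once; reuse a stored patch if it is within max_error."""
    dictionary, refs = [], []
    for patch in patches:
        for i, stored in enumerate(dictionary):
            if distance(patch, stored) <= max_error:
                refs.append(i)  # substitution: the original pixels are discarded
                break
        else:
            dictionary.append(patch)
            refs.append(len(dictionary) - 1)
    return dictionary, refs

def decompress(dictionary, refs):
    """Rebuild the page from dictionary references only."""
    return [dictionary[i] for i in refs]

def read_digits(patches):
    """Map each patch back to the digit whose template it matches exactly."""
    by_bitmap = {bitmap: digit for digit, bitmap in GLYPHS.items()}
    return "".join(by_bitmap.get(p, "?") for p in patches)

def scan(text, max_error):
    """Round-trip a string of digits; return (decoded text, dictionary size)."""
    dictionary, refs = compress([GLYPHS[c] for c in text], max_error)
    return read_digits(decompress(dictionary, refs)), len(dictionary)

def changed_positions(original, max_error):
    """Integrity check: positions where the round trip altered the page."""
    result, _ = scan(original, max_error)
    return [i for i, (a, b) in enumerate(zip(original, result)) if a != b]

if __name__ == "__main__":
    for max_error in (0, 4):  # 0 = exact matches only, 4 = lossy matching
        print(max_error, scan("6816", max_error), changed_positions("6816", max_error))
```

The constructed "6" and "8" differ in only three of 35 pixels, so any threshold of three or more makes the decoder emit a clean, sharp "6" where the page had an "8", which is why the output looks correct at first glance.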

The problem has led to Xerox hastily assembling a patch, which it said would be released within the next couple of weeks.

The company has also assured IT Pro that the "vast majority" of Xerox customers are unlikely to be affected by the issue, as it requires users to select the scanning option on their device and make changes to the compression level and image quality settings.

In a blog post, Rick Dastin, corporate vice president and president of the Office and Solutions Business Group at Xerox, said the firm is in the throes of drawing up a guide showing users how to restore the factory scanning settings of their devices, as well as developing a software patch.

"It is important to know that Xerox devices shipped from the factory are set with the right compression level and resolution settings to produce scanned files appropriate for viewing or printing while maintaining a reasonable file size. You will not see a character substitution issue when scanning with the factory default settings," he explained.

"To hear and see this frustration and confusion goes against all that's core to Xerox's heritage and future. We apologise for any confusion and inconvenience this has caused our customers. We are working tirelessly to address these issues," he added.

Rene Millman
