Xerox issues security patch to fix faulty scanners

Print giant Xerox has started releasing patches for its machines to fix a fault that meant its scanners would sometimes reproduce incorrect numbers on documents.
The issue was uncovered by security researcher David Kriesel earlier this month. He revealed that an issue related to optical character recognition (OCR) algorithms meant pixel data was slightly changed during the scanning process, leading to incorrect scans.
Xerox has now released a patch to address this issue, with Rick Dastin, president of the Office and Solutions Business Group at Xerox, writing in a blog post that teams at the company had been working “around the clock” to issue the fixes.
“We are releasing the first wave of software patches to address the scanning error identified in some of our multifunction printers (MFPs),” he wrote.
“We have confirmed that errors can occur under a set of limited conditions when scanning 'stress documents' to PDF – which can include very small font sizes, stray pixels and be difficult to read. Given this finding, however uncommon, we have developed this patch, which eliminates that possibility.”
To access the downloads, Xerox has made a website where the patches are listed with the details for different machines, with a second set of affected products due to receive their patches on 26 August.
“You can download and install the patch immediately or co-ordinate with your local service or support representative. We have conducted extensive testing both in our labs and in the field to assure a quality result and an easy installation,” wrote Dastin.
The researcher who uncovered the issue, Kriesel, said in a blog post that he had already looked at the patches and verified that Xerox fixed the issue, revealing he had been involved in a call with Xerox to provide a solution for the issue.
“The patch completely eliminates pattern matching in all compression modes. This is more or less what I suggested within and after my first conference call with Rick Dastin and Francis Tse,” he said.
“In my opinion, this is the right thing to do with respect to the legal value of scanned documents. Of course, slightly greater files are produced, but even with low resolution and the strongest compression ('normal') no numbers should be mangled any more.”