Intercepting Fax (was Re: email Crypto- third party)

Michael Bacon MBacon at snci.co.uk
Tue, 3 Aug 1999 18:05:13 +0100 

It was important for the 'spy' not to enter into the 'negotiating' and
'training' exchanges, and to wait for the data stream, which was signalled
by a series of blanks or zeros (I forget which).

Michael (Streaky) Bacon
Streaky
  _____
~(_____)>
  "   "
The opinions given are my own and are not necessarily representative of
those held by my employer.



-----Original Message-----
From: David Parkinson [mailto:dparkins@alien.bt.co.uk]
Sent: 03 August 1999 09:08
To: ukcrypto@maillist.ox.ac.uk; ukcrypto@maillist.ox.ac.uk
Subject: Intercepting Fax (was Re: email Crypto- third party)


At 07:50 PM 02-08-99 +0100, Dave Bird wrote:
>  Is it enough that an adequate second receiving fax have its receive
>  side connected to the intercept (and its transmit side connected to
>  nothing) in order for it to print the document?  or is would we
>  need slightly more sophisticated equipment??

Many years ago I demonstrated how "easy" it was to
intercept faxes by connecting two (receiving) fax machines
in parallel.  On the "spy" I disconnected one end of a
resistor which effectively inhibited the transmit side
of that fax machine.

It was an impressive demonstrator - a bit like synchronised
swimming with the normal fax and the "intercept" emerging
in step.  However, in practice, it was really a bit of a cheat.
For the demonstration I was actually using three identical
fax machines (panasonic).  What actually happened was,
during the initial handshake where each machine determined
the capabilities of the other machine, they discovered they
were talking panasonic to panasonic and so switched to a
slightly non-standard protocol.  With a different make of
machine as the "spy" my demonstration would've been sunk!
Also, a poor line resulting in heavy error correction may
well have had the same effect.  (Marginal transmission would
likely result in different sets of errors in the receiving
machines and the failure of the sending fax to respond
properly to the "resend" requests of the spy would also
screw things up).

It's some time since I've looked at fax modems and the modern
protocols, so I don't know how easy things are these days.
It used to be all half duplex transmission with high-speed picture
transmission (in bursts) and intermediate acknowledgements
at 300 baud.  (The initial handshaking was half duplex at
300 baud).  In reality it was trivial to eavesdrop the data
exchanges with another fax modem, and the CCITT standards
told you how to interpret the data.  (NB As far as I recall
the Panasonic private mode was covered in their supporting
documentation).

Also many years ago I had a catalogue from a company (whose
name I can't remember) which offered a "fax logging" system.
This was presented as a "monitor" that you could place on your
(outgoing?) fax lines so you could keep a record of all
faxes sent from your company.  Turn the page of the catalogue
and you were into miniature cameras/microphones/transmitters!

David