Are Your Peripherals Monitoring You?

An anonymous reader writes " Engadget is reporting that 'Lexmark, makers of printers and scanners, has been caught monitoring users' printer, scanning, and ink cartridge usage.'" Newsgroup comp.periphs.printers readers noticed the software; the Engadget report says that "Lexmark say they're just tracking printer and cartridge usage, but the registration information and packets being sent say otherwise."

Newer print drivers only?

I have a Lexmark Optra E+ laser printer. It's several years old. I'm very happy with it as a printer.

I don't see any c:\program_files\lexmark500 directory even though I have the print driver, downloaded from lexmark.com, installed.

I've added the following to my hosts file just in case.

0.0.0.0 www.lxkcc1.com

Usenet post

[nstrom]

Original usenet post from comp.periphs.printers on Google Groups here, or here for a news: link.

Sites to block

lxkcc1.lexmark.com
www.lxkcc1.com
lxkcc1.com
ww w.lxkcc2.com
lxkcc2.com

ips
192.146.101.0 - 192.146.101.255

Re:Not clear?

[1u3hr]

Not clear what they are monitoring? What am I missing? Couldn't somebody just install the program and sniff the information out of the packets?

Yes, but nobody has yet. I read this on the newsgroup last week; the two articles in the Slashdot "summary" obviously haven't investigated it beyond quoting these articles.

The news posting in full is:

From: Commander (Commander_rn1@yahoo.com)
Subject: Lexmark Printer Users Beware of Spyware
Newsgroups: misc.consumers, comp.periphs.printers
Date: 2004-11-09 08:17:25 PST

Yes, Lexmark is now in the Spyware business!

Just the other day I purchased a new Lexmark X5250 All-in-one printer.
I installed it as per the instructions and monitored the install with
Norton as I do with all new software.

On reviewing the install log I noticed a program called Lx_CATS had
been placed in the c:\program files directory. I investigated and
found a data log and an initialisation file called Lx_CATS.ini.
Further investigation of this file showed that Lexmark had, without my
permission, loaded a Trojan backdoor on to my computer. Furthermore,
it is embedded into the system registry, so average users would likely
never know it was there and active.

This Lexmark Trojan was programmed to monitor my use of the printer by
way of data collected from two DLLs in the c:\program files\lexmark500
folder. The Trojan would then send information on printer usage,
including types of print activity, scanning activity, OCR activity
etc., back to a hidden URL at 30 day intervals.

The URL, www.lxkcc1.com, is identified as being owned by Lexmark.

When I called and spoke with Lexmark support, they denied all
knowledge of any such program, and suggested I had somehow been
infected by a virus. When I challenged them with the facts, they
ultimately aknowleged that this was indeed activity tracking software
that reported printer and cartridge use back to them for "survey"
purposes. Lexmark said that "no personal data" was relayed by the
program, and that I could not be personally identified by it. However
- the program transmits the printer serial number, and when I
registered the warranty with Lexmark, they recorded my personal
information along with the serial number. How much effort does it take
to match the two?

I call it spying! I was not advised of this part of the installation,
nor was I asked to agree to be part of any such data gathering
activity. I see this as a breach of my privacy, and as deplorable
behaviour by Lexmark.

Lexmark users beware! But, they may not be the only ones stealing your
private information.