Vulnerabilities in fax machines could let hackers infiltrate a network

All-in-one devices should now be considered a possible infiltration vector into the corporate network, researchers warn

fax machine with send button pressed

Researchers have discovered several critical vulnerabilities in the fax functionalities of all-in-one printers that can allow an attacker to seize complete control of a machine.

Seeking to establish what an attacker could accomplish armed with just a phone line and a target fax number, Check Point Research found that by sending a maliciously-crafted fax it was possible to infiltrate an organisation's network.

Disclosing the vulnerabilities at DEFCON 26, hosted in Las Vegas, yesterday, they showcased how an attacker could then maximise this opportunity via EternalBlue, a leaked NSA-developed hacking tool, to exploit any PC connected to the same network.

The infiltrated computers can be used to send data back to the attacker by sending another fax.

"Using nothing but a phone line, we were able to send a fax that could take full control over the printer, and later spread our payload inside the computer network accessible to the printer," said Check Point Research's Eyal Itkin and Yaniv Balmas.

"We believe that this security risk should be given special attention by the community, changing the way that modern network architectures treat network printers and fax machines.

"From now on, a fax machine should be treated as a possible infiltration vector into the corporate network."

The team of researchers tested their exploit on HP Officejet Pro 6830 all-in-one printers, but said they "strongly believe that similar vulnerabilities apply to other fax vendors too as this research concerns the fax communication protocols in general".

Despite being considered a technological relic in the age of instant messaging, text and video calls, fax machines are still widely-used in businesses and organisations across the world.

For instance, Check Point Research estimated there are more than 300 million fax numbers in use, while they say financial reports from Wall Street reveal tens of millions of all-in-one printers are sold worldwide each year.

Meanwhile, a poll conducted by the Royal College of Surgeons (RCS) last month revealed that almost 9,000 fax machines are in use across the NHS - highlighting the widespread use of fax technology in the UK public sector, and the accompanying security risks.

Check Point Research said it worked closely with HP to fix the vulnerability after alerting them to the issues in May, culminating in a patch that was released on 1 August. But the research team said the vulnerability is not exclusive to all-in-one printers and that similar flaws may be found in fax-to-mail services and standalone fax machines.

Although they haven't spotted this exploit being executed in a real-world context, the researchers nonetheless recommended that HP Officejet all-in-one users follow the vendor's instructions on patching their printers.

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Microsoft seizes domains used by Chinese hacking group
cyber attacks

Microsoft seizes domains used by Chinese hacking group

7 Dec 2021
Australia film archive gets $41.9 million to digitise audiovisual heritage
digitisation

Australia film archive gets $41.9 million to digitise audiovisual heritage

6 Dec 2021