How you can be hacked via your fax machine
Unless you are in regular touch with the 1980s it's probably a while since you gave much thought to using fax machines.
Even then you might think your biggest worry would be a paper jam. But new research from Check Point released at Def Con in Las Vegas reveals organizations and individuals could be hacked via their fax machines, using newly discovered vulnerabilities in the communication protocols used in tens of millions of fax devices globally.
The Check Point research demonstrated the vulnerabilities using the popular HP Officejet Pro All-in-One fax printers. But the same protocols are also used by many other vendors' faxes and multifunction printers, and in online fax services too, so it's likely that these are also vulnerable to attack using the same method. Following discovery of the vulnerabilities, Check Point has shared the findings with HP, which has been quick to respond and develop a software patch for its printers, which is available on HP.com.
There are over 45 million fax machines in use in businesses globally, with 17 billion faxes sent every year. Fax is still widely used in some industry sectors such as healthcare, legal, banking and real estate, where organizations store and process vast amounts of highly sensitive personal data. The UK's National Health Service for example has over 9,000 fax machines in regular use for sending patient data. In many countries, emails are not considered as evidence in courts of law, so fax is used when handling certain business and legal processes. Nearly half of all laser printers sold in Europe are multifunction devices with fax capability.
"Many companies may not even be aware they have a fax machine connected to their network, but fax capability is built into many multifunction office and home printers," says Yaniv Balmas, group manager, security research at Check Point. "This groundbreaking research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations."
Once an attacker has an organization's fax number they send a specially created image file by fax to the target. The vulnerabilities enable malware (such as ransomware, crypto-miners or spyware) to be coded into the image file, which the fax machine decodes and uploads to its memory. The malware can then potentially breach sensitive data or cause disruption by spreading across any networks to which the fax machine is connected.
"It's critical that organizations protect themselves against these possible attacks by updating their fax machines with the latest patches and separating them from other devices on their networks," Balmas adds. "It's a powerful reminder that in the current, complex fifth-generation attack landscape, organizations cannot overlook the security of any part of their corporate networks."
You can find out more about how the exploit works and how to protect yourself on the Check Point blog.