Fax Machines ‘Give Attackers Foothold On Corporate Networks’

Bugs in the protocols that drive fax machines can be used to gain access to sensitive networks in millions of organisations, researchers have said.

Fax protocols were standardised in the 1980s and have not been changed since that time, warned Israeli security firm Check Point.

Meanwhile, units that combine fax, printing and copying functions have become widespread on corporate data networks, with 9,000 in use by the NHS alone, according to the BBC.

There are about 46.3 million fax machines in operation worldwide, including 17 million in the US. They’re particularly popular in Japan, where nearly all businesses and 45 percent of homes use them, Check Point said.

A malicious image is displayed on a fax-printer. Credit: Check Point

Image-based attack

The firm found that a malicious image could be sent to such systems that triggers a type of vulnerability called a stack overflow, crashing the system and giving the attacker control over it.

Because such systems are typically connected to an internal network, the attackers then have access to the organisation’s internal systems.

And because the attack operates over a phone line, even networks that are completely disconnected from the public internet could be targeted.

Check Point presented its research at the DefCon security conference  in Las Vegas, where the firm demonstrated a malicious image that takes control of an all-in-one fax-printer and launches the notorious EternalBlue exploit.

The attack then displays an image on the printer’s screen to indicate that it’s under the control of the attackers.

Researchers Yaniv Balmas and Eyal Itkin said they were surprised by the extent to which fax machines are still used, and began to explore attack methods as a result.

They examined HP’s popular OfficeJet line of all-in-one printers as a test case, and HP has now issued a patch for the bug. The issue affects all OfficeJet systems, Check Point said.

Widespread issue

But Balmas and Itkin said similar exploits are likely to work on models from other firms.

“Similar attacks could apply to other vendors as the vulnerability lies in the fax protocol itself,” Check Point said in an advisory.

Online fax services are also likely to be affected, the firm said.

The issue stems in part from poor wording in the fax protocol, leading manufacturers to implement it in different ways, with vulnerabilities creeping in as a result.

Unlike networked printers, the fax protocol has no way of requiring authorisation for sending a fax, meaning there is no way to block the malicious fax messages.

“HP was made aware of a vulnerability in certain printers by a third party researcher,” HP said in a statement. “HP has updates available to mitigate risks and have published a security bulletin with more information.”

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Intel ‘Playing Politics’ Over Delayed Ohio Chip Factory, Alleges Governor

Ohio Governor Mike DeWine alleges Intel's Ohio factory delay is a negotiating tactic, despite Pat…

1 hour ago

Steve Jobs Posthumously Awarded US Medal Of Freedom

President Joe Biden has named Apple co-founder and former CEO Steve Job, as a posthumous…

2 hours ago

Twitter Seeks Judicial Review Of Indian Takedown Order

Clash continues, Twitter court challenge against Indian government order to remove certain content it deems…

3 hours ago

TikTok ‘Halts E-Commerce Expansion Plans’

TikTok reportedly scraps plans to expand TikTok Shop livestream commerce in Europe and US after…

22 hours ago

European Parliament Passes Landmark Tech Regulations

European Parliament votes to adopt Digital Markets Act and Digital Services Act, but campaigners warn…

23 hours ago

Indian Economic Police Raid Offices Of Smartphone Maker Vivo

Indian economic crime agency Enforcement Directorate raids dozens of locations across India belonging to China's…

1 day ago