Fax Machines ‘Give Attackers Foothold On Corporate Networks’

Bugs in the protocols that drive fax machines can be used to gain access to sensitive networks in millions of organisations, researchers have said.

Fax protocols were standardised in the 1980s and have not been changed since that time, warned Israeli security firm Check Point.

Meanwhile, units that combine fax, printing and copying functions have become widespread on corporate data networks, with 9,000 in use by the NHS alone, according to the BBC.

There are about 46.3 million fax machines in operation worldwide, including 17 million in the US. They’re particularly popular in Japan, where nearly all businesses and 45 percent of homes use them, Check Point said.

A malicious image is displayed on a fax-printer. Credit: Check Point

Image-based attack

The firm found that a malicious image could be sent to such systems that triggers a type of vulnerability called a stack overflow, crashing the system and giving the attacker control over it.

Because such systems are typically connected to an internal network, the attackers then have access to the organisation’s internal systems.

And because the attack operates over a phone line, even networks that are completely disconnected from the public internet could be targeted.

Check Point presented its research at the DefCon security conference  in Las Vegas, where the firm demonstrated a malicious image that takes control of an all-in-one fax-printer and launches the notorious EternalBlue exploit.

The attack then displays an image on the printer’s screen to indicate that it’s under the control of the attackers.

Researchers Yaniv Balmas and Eyal Itkin said they were surprised by the extent to which fax machines are still used, and began to explore attack methods as a result.

They examined HP’s popular OfficeJet line of all-in-one printers as a test case, and HP has now issued a patch for the bug. The issue affects all OfficeJet systems, Check Point said.

Widespread issue

But Balmas and Itkin said similar exploits are likely to work on models from other firms.

“Similar attacks could apply to other vendors as the vulnerability lies in the fax protocol itself,” Check Point said in an advisory.

Online fax services are also likely to be affected, the firm said.

The issue stems in part from poor wording in the fax protocol, leading manufacturers to implement it in different ways, with vulnerabilities creeping in as a result.

Unlike networked printers, the fax protocol has no way of requiring authorisation for sending a fax, meaning there is no way to block the malicious fax messages.

“HP was made aware of a vulnerability in certain printers by a third party researcher,” HP said in a statement. “HP has updates available to mitigate risks and have published a security bulletin with more information.”

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago