Although there are many other ways to communicate information these days, faxing is still used by many businesses. Check Point Technologies Ltd., a provider of global cyber-security solutions, has recently discovered methods a hacker can use to exploit vulnerabilities in a network-connected fax machine simply by dialing an organization’s fax number. Once the flaws have been exploited, an attacker could then infiltrate the organization’s network.
Vulnerabilities in the fax machine’s communication protocol allow malware to be delivered through an image file sent to the targeted fax number. Once the malware (e.g., ransomware, crypto-miners or spyware) is loaded into the machine’s memory, it can spread to any network that’s connected to the infected fax machine.
Check Point’s research specifically identified these vulnerabilities in HP Officejet Pro All-in-One fax printers, but the same communication protocols are used by many other vendors’ fax machines, multi-function printers and fax-to-mail services, so it’s likely that other devices could also be susceptible. To HP’s credit, after Check Point notified the company of its discovery, HP quickly responded by developing a software patch. It can be found at hpsupport.com.
“Many companies may not even be aware they have a fax machine connected to their network, but fax capability is built into many multi-function office and home printers,” said Yaniv Balmas, Group Manager, Security Research at Check Point. “This groundbreaking research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations.” Balmas added, “It’s critical that organizations protect themselves against these possible attacks by updating their fax machines with the latest patches and separating them from other devices on their networks.”
By following Check Point’s advice and ensuring the latest updates have been installed, as well as locating the fax machine on a separate secure network, organizations can limit the ability of malware to spread across their networks and put protected health and other sensitive information at risk.