While fax machines may seem obsolete, there are over 45 million fax machines in use in businesses globally. In fact, our society sends 17 billion faxes every year.
Check Point provided a demo at DefCon last week showing a weakness in the antiquated fax technology. This weakness allows an attacker to take over a device and then gain access to another device on the network. By faxing a malicious image to the vulnerable device, it can create an overflow in the fax device which allows the attacker to gain access to the device. Once compromised, they can begin attacking other machines on the network. Because they are already inside of the network, your corporate firewall cannot protect you.
The Accellis team has researched the vulnerability, and while the fax protocol seems to be the weak link, HP devices are the main cause of concern. More specifically, the all-in-one fax printers made by Hewlett-Packard are vulnerable. HP has already issued a patch to correct the problem. At this point, created CVE (Common Vulnerability and Exposures) logs identify only HP devices.
Protect Your Firm
Think your firm may be at risk? Check for available firmware updates for your office’s fax machines and apply them. If possible, place fax machines on a separate and secure network from applications and servers that carry sensitive information. Through segmentation, the ability to spread malware across networks will be limited.