Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Beware the Fax Machine: Some Hackers Target Old Gadgets

What could be less threatening than the old office fax machine? Nothing. That’s precisely why it’s used as a backdoor for hackers to get into an organization’s network.

What could be less threatening than the old office fax machine? Nothing. That’s precisely why it’s used as a backdoor for hackers to get into an organization’s network.

Check Point, a cyber security firm in Israel, said Sunday that their research discovered security flaws in tens of millions of fax machines.

The hack works by sending an image file through the phone line — or a file that the fax machine thinks is an image file — and that is coded to contain malicious software. When a company receives the photo, the image is decoded and uploaded into the fax-printer’s memory, allowing the hackers to take over the device and spreading the malicious code through the network.

Hackers could infiltrate a network by exploiting all-in-one printer-fax machines.

“Many companies may not even be aware they have a fax machine connected to their network, but fax capability is built into many multifunction office and home printers,” said Yaniv Balmas, group manager of security research at Check Point.

The researchers focused on Hewlett Packard’s OfficeJet Pro all-in-one fax printers — the global market leader for fax machines. Hewlett Packard quickly fixed the issue — a patch is available on their support page — but the same vulnerabilities are present in most fax machines, including those by Canon and Epson.

Many machines are too old to even update. That means it will be difficult for companies to stop hackers from entering their system.

Globally, businesses use an estimated 45 million fax machines. Faxes are still widely used in healthcare, banking, and law, sectors in which highly sensitive data is stored. In the U.S. medical sector, 75 percent of all communications are sent by fax.

To prevent organizations’ networks from becoming compromised, experts recommend that companies check if their fax machines can be updated, or place fax devices on a secure network that is separate from the networks that carry sensitive information.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.