EXECUTIVE SUMMARY:
A couple weeks ago, we reported on cybercriminals trying to spread malware via CDs sent through the mail. Now researchers have discovered serious vulnerabilities in fax machines that could let cybercriminals infiltrate any home or corporate network with just a fax number.
Dubbed ‘Faxploit,’ the vulnerability research by Check Point’s Yaniv Balmas and Eyal Itkin illustrates how a hacker could easily exploit fax protocol and infiltrate a network. To begin with, corporate fax numbers are typically posted on websites and business cards. Using that number, a hacker could send an infected file to the corporate fax machine as a way to launch a beachhead for a larger attack.
As Check Point’s blog explains, most businesses make the mistake of setting up their IT infrastructure based on business or operational needs, versus security. If multiple devices in the organization are connected to the printer-fax machine, and to one another, then an attacker only needs one access point (in this case the printer-fax) to access the entire network. “From this point, through a process of lateral movement, the attacker would be able to hop from one part of the network to the next infecting a wider portion of it as he progresses. Upon such an attack, it would be a matter of seconds before an entire network was compromised and you had an intruder well embedded across your systems,” states the blog.
If you think fax machines went the way of the mullet, you might be surprised to learn that they are still heavily relied on by industries such as banking, real estate, law, healthcare, and government, among others. In fact, according to Check Point, 46.3 million fax machines are in use today, with 17 million in the US alone. Over the years, fax machines evolved to become multi-functional machines, combined with printing and copying functions. It’s this kind of device, an all-in-one printer-fax machine, that was used for the test case research.
Talking to Wired, researcher Yaniv Balmas said, “Fax is an ancient technology, the protocols we use today haven’t been changed for the past 30 years.” He added, “But everybody is still using fax and nobody really looks at it as a valid attack vector. So we thought, what if we could exploit a printer just by sending a malicious fax? In an all-in-one printer, one side is connected to the phone line and the other side is connected to the network. So if we could take over the device, we could then move into the internal network.” Interestingly, the researchers pointed out that the attack could still be carried out even with networks that are disconnected from the internet–because the main attack vector is the telephone or fax line.
While the specific model used in the research was an HP all-in-one printer-fax machine, Check Point believes that similar attacks could be executed with other vendors’ machines. Working with the researchers, HP issued patches for the vulnerability.
For those who use an HP Officejet all-in-one printer, you can get instructions to patch and update from HP here. Check Point also advises implementing segmentation policies, software patching, and proper IT hygiene. If the fax function is not being used in the all-in-one printer, researchers suggest disconnecting the PSTN line.
Get the full story at the Check Point blog.
