A new research from cybersecurity solutions provider Check Point revealed how organizations and individuals are vulnerable to hacking through their fax machines.
Researchers at Check Point stated that fax machines have security vulnerabilities which could possibly allow a hacker to steal data through a company’s network using just a phone line and a fax number. The researchers also showed how they were able to exploit security flaws in a Hewlett Packard all-in-one printer.
The findings were presented by Check Point’s researchers Yaniv Balmas and Eyal Itkin at DEFCON 26.
“Many companies may not even be aware they have a fax machine connected to their network, but fax capability is built into many multi-function offices and home printers,” said Yaniv Balmas, Group Manager, Security Research at Check Point. “This ground-breaking research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations.”
“It’s critical that organizations protect themselves against these possible attacks by updating their fax machines with the latest patches and separating them from other devices on their networks. It’s a powerful reminder that in the current, complex fifth-generation attack landscape, organizations cannot overlook the security of any part of their corporate networks.” Balmas added.
Describing the potential threat, the researchers said the attackers can send specially created malware coded image file via fax to the targeted networks. The vulnerabilities in the fax machine enable malware to decode and uploads to its memory, which can breach sensitive information or cause disruption across the connected networks.
Check Point recommended organizations to install updated firmware for their fax devices and place them on a separated network system to minimize the security risks.
