Faxploit: Hackers can use Fax machines to inject malware into a targeted network

Businesswoman buried at the office

Think twice before sharing your fax number with someone.

Many corporations provide their fax number in the contact information page on the websites. After all, it is considered completely harmless to share fax number with other information like the email address or phone number. However, it turns out that the fax number is also exploitable by hackers.

According to the research from CheckPoint, disclosed at Defcon 2018 as “Faxploit,” if an attacker obtains an organization’s fax number, it becomes possible to send a specially created image file to the targeted machine and anything can be coded into that file such as malware, cryptomining software, ransomware or spyware. The machine will decode the file and upload the software to its memory. This way, attackers can easily obtain confidential data or may disrupt the entire network to which the fax machine is connected.

See: Hacker takes over thousands of Printers; sends alerts to users

CheckPoint states that certain vulnerabilities present in the communication protocols used by a majority of fax machines across the globe are responsible for the hacking. By exploiting these vulnerabilities an attacker can seize control of any network, whether it is private or commercial. The flawed protocols are installed in not only widely used fax machines but all-in-one printers as well.

Hackers can use Fax machines to inject malware into a targeted network
Attack workflow (Credit: CheckPoint)

Announcing the vulnerabilities at DefCon, CheckPoint researchers said that the bugs, found in the protocols used by all by fax machines and all-in-one printers, allow hackers easily to inject malware into a company’s network. All this can be done simply by using the fax number and a phone line.

CheckPoint researchers Eyal Itkin and Yaniv Balmas explained the procedure at DefCon:

“Using nothing but a phone line, we were able to send a fax that could take full control over the printer, and later spread our payload inside the computer network accessible to the printer.”

Researchers are of the opinion that this security risk must be addressed immediately by modifying the way modern network protocols treat fax machines and network printers. They further stated that from today onwards, corporations should remain alert and consider fax machines as a potential attack vector for hackers who need to infiltrate the company network.

See: Spoofed Emails from Supposedly Corporate Printer Vendors Install Backdoor

The exploit was tested on HP Officejet Pro 6830 all-in-one fax printers. However, they assured that similar flaws can be applied to all fax machines because the vulnerabilities have been identified in the fax communication protocols. Online fax services such as fax2email are also vulnerable to similar kind of attacks. It is worth noting that HP quickly fixed the flaw in the abovementioned model by developing a software patch, which is now available for download at HP.com.

Video demonstration

This is quite a concerning discovery because there are roughly 45million fax machines being used by corporations around the globe and around 17 billion faxes are sent annually. Industries like healthcare, banking, legal and real estate all rely heavily upon faxes for exchanging sensitive information. Therefore, the flaws must be addressed quickly and reliably.

Image credit: Depositphotos

Related Posts