SECURITY RESEARCHERS have uncovered flaws in the protocol used in “tens of millions” of fax machines, that could leave businesses using the archaic technology (looking at you, NHS) open to attack.
Announcing the vulnerabilities at DefCon, Check Point researchers said that the bugs, found in the protocols used by all by fax machines and all-in-one printers, allow hackers easily to inject malware into a company’s network.
All a hacker needs are the organisation’s fax number and a phone line, Check Point said. Hackers then send a specially-coded colour JPEG fax image which can contain any type of malware – be it ransomware or spyware, for example – coded into the image file.
When received, the image is “automatically decoded and uploaded into the fax-printer’s memory, ready for printing” Check Point notes, adding that the embedded malware then takes over the device – and can spread to any network the fax-printer is connected to.
“Using nothing but a phone line, we were able to send a fax that could take full control over the printer, and later spread our payload inside the computer network accessible to the printer,” said Check Point Research’s Eyal Itkin and Yaniv Balmas.
“We believe that this security risk should be given special attention by the community, changing the way that modern network architectures treat network printers and fax machines.
“From now on, a fax machine should be treated as a possible infiltration vector into the corporate network.”
The team of researchers tested their exploit on HP Officejet Pro 6830 all-in-one printers, but noted that they “strongly believe that similar vulnerabilities apply to other fax vendors too as this research concerns the fax communication protocols in general”.
Check Point notes that after sharing its findings with HP, the firm which was quick to respond and to develop a software patch, which is available to download now. µ
Source : Inquirer