Hackers can steal data from the enterprise using only a fax number

Fax machines are still widely used by businesses and a communications protocol vulnerability is leaving them exposed to cyberattacks.
Written by Charlie Osborne, Contributing Writer

Fax machines may seem antiquated, but they remain popular devices for enterprise players.

Banking and real estate firms may use fax when client signatures on documents are required quickly; legal businesses still make use of guaranteed delivery and rapid document printing; and healthcare organizations bound by HIPAA privacy rules for patient data may choose them rather than more modern methods for document handling.

According to research conducted in 2015, approximately 46.3 million fax machines are still in use, of which 17 million are believed to be operating in the United States.

While many IT vendors, tech giants, and cybersecurity researchers worldwide focus on patching and resolving security flaws in modern technologies such as mobile devices, operating systems, and browsers, older technologies may be inadvertently ignored -- paving the way for cyberattackers to act.

Researchers have now highlighted this issue by demonstrating how newly-discovered vulnerabilities in fax communications protocols can be used to compromise both enterprise and consumer networks.

On Sunday at Def Con 26 in Las Vegas, Check Point Malware Research Team Lead Yaniv Balmas and security researcher Eyal Itkin presented their findings on fax security.

The researchers demonstrated the existence of the security flaws in the HP Officejet Pro All-in-One fax printer range; specifically, the HP Officejet Pro 6830 all-in-one printer and OfficeJet Pro 8720.

Fax numbers are easy to find simply by browsing a corporate website or requesting the information directly -- and this is all that is needed to exploit the new bugs. When this number has been acquired, attackers can send a malicious, crafted image file by fax to a potential victim.

The vulnerabilities discovered included a stack-based buffer overflow security flaw and "Devil's Ivy" (CVE 2017-976), which permits remote code execution through database handling errors.

According to the researchers, an image file can be coded with malware including ransomware, cryptominers, or surveillance tools. Vulnerabilities in the fax machines' communication protocols can then be exploited to decode and upload the malware payloads to memory.

If malware is loaded into memory and fax machines are connected to networks, malicious code has the ability to spread and compromise additional systems, potentially leading to espionage, service disruption, or information exfiltration.

Check Point disclosed its findings to HP, which developed and deployed firmware patches in response.

"The same protocols are also used by many other vendors' faxes and multifunction printers, and in online fax services such as fax2email, so it is likely that these are also vulnerable to attack by the same method," the team said. "This new vector poses a serious threat to organizations who may well not be aware of how accessible their entire network is, and how all their most sensitive information may be exposed, via a piece of equipment that is still sitting on the shelf collecting dust."
