Network Attacks Via Fax Machines

Researchers at the DEF CON 2018 cyber security convention revealed that they could access an internal network using legacy technology – a fax machine.

Check Point Research has shown that hackers can infiltrate any home or corporate network by exploiting weaknesses in all-in-one printer fax machines.

The team used an HP all-in-one printer fax machine as the test case, and close cooperation with the company ensured a patch for the vulnerability was provided for HP’s products. But similar attacks could apply to other vendors, as the vulnerability lies in the fax protocol itself.

Fax is now viewed by many as obsolete, meaning its security is potentially overlooked. However, faxes are not only still used, but have been integrated into printers and photocopiers. Fax machines use protocols developed in the 1980s; in this case, the researchers used these old protocols to exploit modern printers.

The impact of not upgrading hardware can be just as great as for software, and can potentially double the risk of a breach. Legacy hardware may be unable to integrate with modern systems, may lack software updates for vulnerabilities, may fall short of regulatory requirements and may lack modern security features. It may also provide an easy access point for cyber actors to gain access to networks and conduct further operations.

Where possible, both software and hardware should be updated. The benefits of upgrading systems typically outweigh the risks of upkeeping a legacy system.

fax hacking network