It has recently been discovered by Check Point researchers that fax machines contain cyber-vulnerabilities that allow attackers to infiltrate your network using only a fax number. Given that many companies today still use fax machines, and that fax numbers are publicly provided contact information, this new exploit poses a major vulnerability concern to thousands of organizations.
The new exploit that abuses this vulnerability has been dubbed “Faxploit” (short for fax exploit), and is believed to affect all fax-capable machines, including fax-to-mail services and all-in-one printers.
To infect the printer, all the attackers need to do is send a malicious fax to the machine. From there, they can gain full control of the device and then further infiltrate the company’s network. In their study, the researchers at Check Point were able to gain control of an HP Officejet all-in-one printer simply by sending an infected fax, and then were able to infect its network with spying software such as ‘EternalBlue’.
Another point of vulnerability that was discovered was through the fax machine’s PSTN phone line connection. Using this, attackers can exploit the machine and gain control of the device without it even being connected to the internet.
Still a Lab Contained Danger
The Faxploit has not been detected outside of the laboratory conditions, reported the Check Point researchers. However, they noted that it will only be a matter of time before other researchers and cyberattackers develop the software for themselves.
The researchers stated that they have already notified HP of the exploit, and the company has since developed and released a patch that has repaired the cyber vulnerability. This update was released on August 1st 2018, and likely has already been applied to your printer if its update-sequence is set to automatic. However, if your printers’ updates are manually managed, it is important to ensure that the latest software has been installed on it.
The checkpoint researchers have confirmed that the exploit works on HP all-in-one machines, and has therefore prioritized communicating with this manufacturer to develop a fix. However, they believe that the exploit will also work on devices from other manufacturers. There is no word yet from these companies on fixes.
Here are some best practices to keep in mind to protect your organization’s or personal printer from infection:
Firstly, always ensure that your fax machine is running the latest software from its developer. If the automatic update feature is not turned on, manually check if the latest firmware is running. Second, if you do not use the fax features of your all-in-one printer machine, it is beneficial to disconnect it entirely from the PSTN line, eliminating this potential malicious pathway into your network. Finally, if you are unable to completely disconnect your fax machine, use network segmentation to protect critical areas of your network. This strategy involves creating ‘breaks’ in an organization’s network by disconnecting groups of computers from each other. This way, if a segment becomes infected, the infection can be contained more easily.
GigE Solutions can help your company protect its networks from fax exploits by ensuring that all your machine are up-to-date with the latest patches from developers. Contact us at +1 (888) 366-4443 to get started today.