Hackers could use fax machines to take over entire networks, researchers warn

[Matrix]

• Researchers at Check Point Software Technologies warn that cybercriminals can exploit vulnerabilities found in all-in-one printers to hack company networks.
• In a report, the researchers showed how they were able to take over a device by faxing lines of malicious code disguised as an image file.
• While fax machines are considered archaic technology, there are still millions of devices that are used today, particularly in the medical sector.

A man using an all-in-one printer found in most companies. 

In an age of instant communication over the internet, the fax machine is seen as an archaic piece of technology. But it could potentially prove to be a gold mine for hackers looking to steal company secrets.

Researchers at Nasdaq-listed Check Point Software Technologies said that fax machines — which still reside in many offices — have serious security flaws. Those vulnerabilities could potentially allow an attacker to steal sensitive files through a company's network using just a phone line and a fax number.

In a report released on Sunday, Check Point researchers showed how they were able to exploit security flaws present in a Hewlett Packard all-in-one printer. Standalone fax machines are a rarity in companies today, but the fax function is still present in commonplace all-in-one printers.

 

They faxed over lines of malicious code disguised as an image file to the printer, relying on the fact that no one usually checks the contents received over a fax. The file was decoded and stored in the printer's memory, which allowed the researchers to take over the machine. From there, they were able to infiltrate the entire computer network to which the printer was connected.

Today, companies invest heavily to fortify their networks using the latest technologies available. Security firms such as U.K.-based Darktrace believe that artificial intelligence is key to tackling cyber threats. But most of that effort is concentrated in parts of the network that hold the most sensitive files, leaving less important areas — like the all-in-one printers — more vulnerable to attacks.

As faxing is done over the phone line, that ability presents a "new attack vector" in the cyber threat landscape, according to the Check Point researchers.

HP fixed the vulnerability before the report was published, but the researchers said all-in-one printers from other companies could still have similar security flaws.

Some reports estimate that there are about 46 million active fax machines and around 17 million of them are in the United States. The medical community is still heavily reliant on fax machines and part of that boils down to tradition, where some feel more at ease with the technology. Fax technology is also considered safe and secure under today's privacy laws.

To protect themselves, companies should consider segmenting their computer network into sub-networks, the Check Point researchers said. They should keep sensitive files in a sub-network that's separate from the one to which printers are connected.

 

Source

[debebee]

How come an rj11 jack device over the phone line be network aware? Lol.. Title Should be All in 1 printers not fax

[Matrix]

37 minutes ago, DonyMach1 said:

They faxed over lines of malicious code disguised as an image file to the printer, relying on the fact that no one usually checks the contents received over a fax. The file was decoded and stored in the printer's memory, which allowed the researchers to take over the machine. From there, they were able to infiltrate the entire computer network to which the printer was connected.

 

16 minutes ago, teodz1984 said:

How come an rj11 jack device over the phone line be network aware?

 

[debebee]

Meaning your fax has a network port? Has a Modern  network os? 

[Matrix]

1 hour ago, teodz1984 said:

Meaning your fax has a network port? Has a Modern  network os? 

Sorry brother I think you're missing the point of this The fax component of this is the point of entry for this malware being the same malware could also be delivered via e-mail but would more than likely discovered by an AV.

The point is who or what monitors your faxes? which happens to be a feature of modern all in one printers.

Risk here for businesses is obvious access to printer = access to your network.

[genxu]

In today’s online world, nothing is impossible.  you have to be careful.

[dufus]