UPDATED 22:52 EST / AUGUST 12 2018

INFRA

Time to retire old tech: Report finds fax machines are easily hackable

Remarkably in 2018 some people still use fax machines. For those under the age of 40, they’re devices that allow users to send copies of documents using a telephone line. Now, a new security report suggests that it might be time for those hanging on to the outdated technology to retire them.

A new report from Check Point Software Technologies Ltd. has found that fax machines can be easily hacked by an attacker dialing into a fax machine, then transmitting a fax image embedded with malicious code.

In the report, Check Point said it found a vulnerability initially in an HP Officejet Pro 6830 all-in-one printer, the all-in-one indicating that it offers multiple office functions, including the ability to send a fax. While those of a particular age may remember fax machines being standalone units, fax functionality primarily comes today through all-in-one units that are connected via Wi-Fi, Bluetooth or cable to office computers.

Therein lies the risk. Check Point was able, using nothing but a telephone line connected to the HP unit, to send a fax that took full control of the unit. It then could spread the payload across the computer network the unit was connected to.

HP issued a patch for the vulnerability before Check Point went public with its findings, but the larger problem is that the same vulnerability could easily exist in units manufactured by other companies that are connected to a corporate network, such as those from Canon Inc. and Seiko Epson Corp.

Worse still, the researchers noted that many all-in-one units still in use may be too old and used by too few to be worth patching. To address the risk, the researchers recommend that devices with fax functionality be segmented from a network.

“It is a policy that should be implemented to minimize the level of access to sensitive information for those applications, servers, and people who don’t need it, while enabling access for those that do,” they said. “Once unauthorized access is gained, network segmentation can provide effective measures to mitigate the next stage of intrusion into a network and limit the spread of the attack by lateral movement across it.”

The alternative for all-in-one units that are still functional and being used is to disconnect them from a phone line and use them only for printing and scanning.

Photo: Duncan Riley

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU