News | Hackers could use fax machines to take over entire networks, researchers warn

Mohamed Hakim
News

In an age of instant communication over the internet, the fax machine is seen as an archaic piece of

Researchers at Nasdaq-listed Check Point Software Technologies said that fax machines — which still reside in many offices — have serious security flaws. Those vulnerabilities could potentially allow an attacker to steal sensitive files through a company's network using just a phone line and a fax number.
In a report released on Sunday, Check Point researchers showed how they were able to exploit security flaws present in a Hewlett Packard all-in-one printer. Standalone fax machines are a rarity in companies today, but the fax function is still present in commonplace all-in-one printers.

They faxed over lines of malicious code disguised as an image file to the printer, relying on the fact that no one usually checks the contents received over a fax. The file was decoded and stored in the printer's memory, which allowed the researchers to take over the machine. From there, they were able to infiltrate the entire computer network to which the printer was connected.

Today, companies invest heavily to fortify their networks using the latest technologies available. Security firms such as U.K.-based Darktrace believe that artificial intelligence is key to tackling cyber threats. But most of that effort is concentrated in parts of the network that hold the most sensitive files, leaving less important areas — like the all-in-one printers — more vulnerable to attacks.

As faxing is done over the phone line, that ability presents a "new attack vector" in the cyber threat landscape, according to the Check Point researchers.

HP fixed the vulnerability before the report was published, but the researchers said all-in-one printers from other companies could still have similar security flaws.

Some reports estimate that there are about 46 million active fax machines and around 17 million of them are in the United States. The medical community is still heavily reliant on fax machines and part of that boils down to tradition, where some feel more at ease with the technology. Fax technology is also considered safe and secure under today's privacy laws.

To protect themselves, companies should consider segmenting their computer network into sub-networks, the Check Point researchers said. They should keep sensitive files in a sub-network that's separate from the one to which printers are connected.