The use of fax for business communications in North America is declining, but it’s still important in some sectors, particularly healthcare and legal. That is why a warning by Check Point Software of a fax machine protocol vulnerability that could lead to network infiltration needs to be heeded.
In a blog this week the company said all an attacker needs to do is send a malicious file over the phone line of a fax machine (including faxes that are part of all-in-one printers).
“The crucial element to notice is that whereas most attacks today penetrate through an Internet connection to enter an organization’s network, using this vulnerability in the fax protocol even a network that is completely detached would be vulnerable,” says the vendor. “This is due to the attack being channeled through a route that until now was considered to be secure and need not have protection layers applied.”
In addition to getting into a corporate network, an attacker could tamper with a fax itself or steal sensitive data in a fax, says the blog. Check Point proved the validity of the concept, which it dubs Faxploit, by testing it on an HP Officejet machine. Hewlett Packard has already issued a patch for dozens of models.
Infosec teams should check with the makers of the fax-capable devices in their organizations to see how they are handling this vulnerability. Network segmentation is one defence. If there are all-in-one devices in your environment but the fax capability isn’t being used, those devices shouldn’t be connected to a phone line.
For its test, Check Point built an attack using the EternalBlue and DoublePulsar Windows exploits squeezed into a JPG file. This video explains how it was done.
According to Check Point, there are currently around 46.3 million fax machines still in use around the world, with 17 million of them in the U.S. alone.
“Maintaining a frequent patching schedule and segmentation infrastructure, along with a high level of IT hygiene in general, is essential for protecting your data from potential attacks, from wherever they may come,” says the vendor.
Check Point has a detailed description of the attack techniques here.