Skip to main content

Fax Machines Might Be Gateway To Next Hacker Attack

By August 23, 2018June 3rd, 2022Cybersecurity

Nothing bad could possibly happen to your company’s network if the only piece of information the hackers have is your fax number, right?

Unfortunately not, according to recent research by employees at Check Point.

They recently revealed details about not one, but two different REC’s (Remote Code Execution) techniques that exploit flaws in the communications protocols of tens of millions of fax machines spread all over the globe.

If you think the Fax machine has largely gone the way of the dinosaur, think again.  Many printers sport “all in one” functionality, which includes both scan and fax functionality, and therein lies the problem.  Since these printers are invariably attached to your network, your fax number is a good a way in, since most people don’t even think about it.

Called the “Faxploit,” the new attack type involves a pair of known buffer overflow vulnerabilities, CVE-2018-5925 and CVE-2018-5924, which allows anyone who takes advantage of them to have the ability to execute code remotely.

The researchers who discovered the issue created a proof of concept video demonstrating the attack in action.  In their demo, they made use of an HP Officejet Pro 6830 and an OfficeJet Pro 8720, sending an image file with a malicious payload through the phone line.  The moment the fax machine receives it, the image is decoded and uploaded into the fax/printer’s memory.

From there, the sky is the limit.  Having gained a foothold on the network, what happens next is entirely dependent on the nature of the payload delivered.  One thing you can be sure of, however, is that none of the outcomes you can expect will be good.

The researchers point out that there’s nothing special about the two all in one printers they selected, and the vulnerability will work on just about any make or model.  Something new to be worried about.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.