Fax machines could be the weak link in your company's security

null

Security researchers at Check Point software have discovered that it is possible to spread malware to corporate networks using altered images sent via fax machines.

The researchers presented their findings at this year's Def Con hacker conference in Las Vegas where they warned that millions of companies could possibly be at risk because of the fact that most businesses do quite little to secure their fax lines.

To add to the problem, many companies use fax machines that are also printers and photocopiers which means that they are connected to the business' internal network and an infection could spread from the fax machine to the rest of an organisation's systems very easily.

Check Point's researchers demonstrated the vulnerabilities using HP's popular Officejet Pro All-in-One fax printers. The protocols used by these printers are also used in the fax and multi-function printers of many other vendors as well as in online fax services which means that it is likely that they are also vulnerable to the same attack method.

After the firm shared its findings with HP, the company quickly responded by developing a software patch for its printers.

Today there are over 45m fax machines still in use globally with 17bn faxes sent each year. The ageing technology is still used in the healthcare, legal, banking and real estate industries where vast amounts of highly sensitive personal data are stored. For example, the NHS has more than 9,000 fax machines which are used regularly to send patient data and since emails are not considered as evidence in the courts of many countries, fax is still sued when handling certain business and legal processes.

Group Manager, Security Research at Check Point, Yaniv Balmas provided further insight on the research in a statement, saying:

“Many companies may not even be aware they have a fax machine connected to their network, but fax capability is built into many multi-function office and home printers. This groundbreaking research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations.”

To avoid falling victim to such an attack, Check Point recommends that all businesses and individuals check for available updates for their fax devices regularly and apply them.

Image Credit: KlausAires / Pixabay