Faxploit Attack Uses Fax Machine to Gain Network Access and Steal Data

August 16, 2018

 

Since the 1960s, companies have used fax machines to send and receive orders and communicate data quickly. Email has largely replaced the fax, but faxes are still widely used, particularly in healthcare. It has been estimated that about 300 million fax machines are still in use throughout the world.

Although fax technology is old – it was first developed in the late 1800s – faxes are not usually viewed as a major security risk. Researchers at Check Point beg to differ.

Given how widely faxes are still used, Check Point researchers decided to investigate whether it was possible to remotely hack a fax machine. Not only did they discover it was possible, they gained complete control of a fax machine and used it as a backdoor to gain access to a network and steal information from a PC. The hack was carried out remotely using a phone line, a fax number, and a receiving fax machine to collect the stolen data.

The attack was made possible by a flaw in the fax protocol which, together with a device vulnerability, allowed the researchers to trigger a buffer overflow condition and remotely execute code. The researchers gained complete control of the fax machine and then searched for computers connected to the same network. When those computers were found, they were attacked using the NSA exploit EternalBlue.

Using this exploit, malware was downloaded that had been programmed to look for files of interest. When files were found, they were transferred back to the researchers through the compromised fax machine.

The researchers carried out the attack on the HP Officejet Pro 6830 all-in-one printer – a printer commonly used by small to medium-sized companies. After the attack was demonstrated, HP was informed of the flaw and a patch has since been released to fix the problem.

Nevertheless, HP isn’t the only vendor susceptible to such an attack. Epson and Canon printers similarly have the flaws, as do several others. The researchers demonstrated the flaw in all-in-one printers, but also suggest the same attack methodology might be used against standalone fax machines and fax-to-email services.

This method of gaining access to a network doesn’t appear to be currently used in the wild, although it’s possible that fax machines could be used in cyberattacks in the future. Check Point suggests fax machines and network printers should be seen as a possible weak point in security defenses, and steps must be taken to make sure that flaws can’t easily be exploited to gain access to confidential data, install cryptocurrency miners, and spread ransomware and malware.

Companies should also only use fax-printers that can be updated, and patches should be applied as soon as they become available. One of the best ways to protect against such an attack is network segmentation. It will not stop an attack from happening, but it will limit the harm that can be caused.

If the fax is situated in a segmented part of the network, it can’t be used to gain access to the whole network – such as the parts where highly confidential data is stored.
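To make the segmentation advice concrete, here is an added example (not from Check Point or the original article) that audits a first-match firewall rule list to see whether the printer segment can open SMB, the service EternalBlue targets, toward the segment holding confidential data. The addressing plan, rule format and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the article).
PRINTER_NET = ipaddress.ip_network("10.20.30.0/24")    # segment holding the fax-printer
SENSITIVE_NET = ipaddress.ip_network("10.20.10.0/24")  # segment holding confidential data
SMB_PORT = 445  # TCP port for SMB, the service EternalBlue targets

# Rule = (action, source network, destination network, destination port or None for any).
# Rules are evaluated top-down, first match wins, with an implicit default deny.
FLAT_RULES = [
    ("allow", "10.20.0.0/16", "10.20.0.0/16", None),    # everything talks to everything
]
SEGMENTED_RULES = [
    ("allow", "10.20.10.0/24", "10.20.30.0/24", 9100),  # workstations may send print jobs
    ("deny", "10.20.30.0/24", "10.20.0.0/16", None),    # printer segment may not initiate inward
    ("allow", "10.20.0.0/16", "10.20.0.0/16", None),
]


def decide(rules, src, dst, port):
    """Return 'allow' or 'deny' for one connection attempt under first-match semantics."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if (src_ip in ipaddress.ip_network(src_net)
                and dst_ip in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "deny"


def printer_can_reach_smb(rules):
    """True if the first printer-segment host may open SMB to the first sensitive host.

    Sampling one host per segment is enough here because the constructed rules
    never split either /24; a real audit would test every rule boundary.
    """
    printer = str(next(PRINTER_NET.hosts()))
    target = str(next(SENSITIVE_NET.hosts()))
    return decide(rules, printer, target, SMB_PORT) == "allow"


if __name__ == "__main__":
    print("flat network, printer -> SMB:", printer_can_reach_smb(FLAT_RULES))
    print("segmented network, printer -> SMB:", printer_can_reach_smb(SEGMENTED_RULES))
```

In the segmented rule set a compromised fax-printer still exists on the network, but its connection attempts toward the confidential segment are dropped, which is the damage limitation the article describes.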