ATO claims to have received more than 115,000 faxed documents in 2017-18. According to ‘The Age’, and ‘the Sydney Morning Herald ‘, many small Australian companies in the healthcare, finance and legal sector still use fax on a daily basis. The vulnerabilities in the fax machine protocols haven’t been updated since the 1980s and such extensive use of fax printers in Australia pose a huge problem.
At the recent DEF CON 26 hacker event in Las Vegas, two security researchers from Check Point demonstrated one such exploit - ‘Faxploit’. They showed that a hacker only needs a fax number to exploit these vulnerabilities. A specially coded colour jpeg can have any malware code, which when received by the fax printer, can easily be decoded and uploaded into the printer’s memory. The malware can then spread through the device and ultimately to the network that is connected to the fax-printer.
One way to prevent Faxploit is via network segmentation. Companies can limit the data access to an attacker by breaking large networks into smaller ones, or by isolating fax machines in their own subnetworks.
Faxploit takes advantage of two buffer overflows in a fax protocol: CVE-2018-5924 and CVE-2018-5925. There are two ways in which hackers can leverage vulnerabilities:
- Some researches argue that a hacker can send fax images that exploit these vulnerabilities and gain access to execute malicious code on the fax machine.
- A hacker only needs the fax number to attack that organisation. Since most organisations put their fax number on their website.The attack code can come directly from a phone line.
HP has released two patches for HP Officejet all-in-one printers. Check them out here