Firms using fax machines exposed to cyber attacks, researchers claim
Published On: August 13, 2018
Many businesses that still use outdated fax communications technology could be putting themselves at risk of falling victim to a security breach, researchers have warned.
Although faxes are considered obsolete by many companies, they still have an important role to play in some industries. The NHS, for example, is a major user of fax machines, with the BBC reporting around 9,000 are still in use in England. Government agencies, banks and law firms are among the other organisations still reliant on the technology.
But security experts from Check Point Software say that by sending a specially customised image to one of these devices, hackers could gain access to a company’s wider network.
Researcher Yaniv Balmas told the BBC that this is because many fax machines also function as printers and copiers, so have a connection to the business’ internal network that hackers can exploit.
Mr Balmas said his firm had been surprised to learn just how widespread fax machines are in many businesses, especially as they usually have no security measures built into them at all and rely on protocols that have not changed since the 1980s.
“There seems to be a lot of organisations, government agencies, banks and others that are still using fax,” he stated, noting there are a range of legal and historical reasons for their continued presence.
“Fax is still considered as visual evidence in court but an email is not,” he continued. “That’s why some government agencies require you to send a fax.”
Check Point created and sent an image that was loaded with a malicious payload based on the EternalBlue software exploit – the same weakness that led to the WannaCry ransomware attack last year.
This exploits flaws in the protocols used to define the format of fax messages. Many of these are poorly worded, which means different manufacturers interpret them in different ways.
In particular, the researchers identified problems with the way the protocols were used in some multi-purpose printers made by HP that are widely used by businesses.
HP has issued a patch to address the issue, but Mr Balmas said that as fax numbers were very widely shared, they could be an easy-to-find attack route for malicious hackers who target other machines.