Fax often poses a security risk within company networks
Research by the security company Check Point shows how easy it is for cyber criminals to lay down or take over entire company networks via the fax number. The researchers discovered new vulnerabilities in the communication protocols that are still used by millions of fax machines worldwide. A fax number is everything an attacker needs to find these weak points and take over the network. All findings were presented in Las Vegas during the hacking conference DEF CON 26 .
The fax and its outdated technology
Although the fax is no longer known as the most advanced technology, there are still more than 45 million fax machines in use all over the world, and every year, not too much n 17 billion faxes sent.
There is still a lot of faxing in sectors where sensitive and often personal information is used, such as health care, banking, real estate and the legal profession. In many countries, for example, e-mails in the court are not yet seen as official proof and fax is used for certain legal processes.
The National Health Service in Great Britain alone has 9,000 fax machines in use to transmit patient information.
HP Officejet Pro All-in-One
The Check Point survey specifically addresses the vulnerabilities in the popular HP Officejet Pro All-in-One fax printers. The communication protocols used in this series are also often the standard for fax machines and multifunction printers from other suppliers and online fax services, such as fax2email. HP immediately developed a software patch for his printers after hearing these findings.
Get fax numbers
Usually fax numbers are easy to find via the company website. The only thing an attacker then has to do is to send a specially created image file via the fax. The weak points in the communication protocol make it possible for malware to be encoded in the image file, which then decodes and uploads the fax machine to its memory.
To do
It should be clear that no part of the corporate network may be forgotten in security. Is there a fax at your office? Then it is advisable to update it first with the last patches .
In addition, it is important that they are connected to a separate secured network. This is really an advantage. Because by separating the fax from other devices, applications and servers, where sensitive information can be stored, you make it more difficult for malware to spread within the company network.