The fax machine is widely considered to be a dinosaur of inter-office communications, but it may also present a vulnerable point where hackers can infiltrate an organization’s network, according to a new report from Israel-based software company Check Point. The company said that the vulnerability was identified as a result of research intended to discover potential security risks, and not as the result of any attack.
Hackers can gain access to a network using the phone line connected to a fax machine, which is often connected to the rest of an organization’s network. By sending an image file that contains malicious software over the phone line, hackers are able to take control of the device and access the rest of the network. The researchers were able to do this using only a fax number, which is often widely distributed by organizations on business cards and websites.
The report estimates that there are more that 17 million fax machines in use in the United States alone. The legal and medical fields both continue to rely heavily on fax machines to conduct business, since they are widely considered to be a more secure form of transmitting sensitive information and signatures compared to email. Banking and real estate also frequently transfer documents containing signatures via fax.
With the advent of all-in-one products that include fax functions as well as printing and scanning, fax machines may be more prevalent in homes and office than people realize. This particular vulnerability only applies if such a machine is connected to a telephone line, however.
The only machines tested were from HP’s line of all-in-one printers, but according to the report, these vulnerabilities are likely to be found in machines from any manufacturer that use similar technology. HP issued a patch for its products before the report was published, which is available for download from its support website.
The report advises that if a fax machine is too old to support a software update, or if the manufacturer has yet to issue a patch to fix the vulnerability, fax capabilities should be used only on a segmented part of the network without access to critical data. The report also advises that the phone line connected to an all-in-one type machine should be disconnected if a user or organization does not use the fax functions.