Faxploit Attack Uses Fax Machine to Gain Network Access and Steal Data

Since the 1960s, businesses have been using fax machines to send and receive orders and communicate data quickly. To a large extent, email has replaced the fax, although faxes are still extensively used, especially in healthcare. It has been estimated that there are still around 300 million fax machines in use around the world.

While fax technology is old – it was first developed in the late 1800s – faxes are not typically viewed as being a major security risk. Researchers at Check Point beg to differ.

Given the extent to which faxes are still being used, Check Point researchers decided to investigate to determine whether it was possible to remotely hack a fax machine. Not only did they discover it was possible, they successfully gained full control of a fax machine and used it as a backdoor to gain access to a network and steal information from a PC. The hack was pulled off remotely using a phone line, fax number, and recipient fax to receive the stolen data.

The attack was made possible due to a flaw in the fax protocol which, coupled with a device vulnerability, allowed the researchers to trigger a buffer overflow condition and remotely execute code. The researchers gained full control of the fax machine and then searched for computers connected to the same network. When those computers were located, they were attacked using the NSA exploit Eternal Blue.

Using this exploit, malware was downloaded which has been programmed to search for files of interest. When files were located, they were transmitted back to the researcher via the compromised fax machine.

The researchers performed the attack on the HP Officejet Pro 6830 all-in-one printer – A printer commonly used by small to medium sized businesses. After demonstrating the attack, HP was notified of the flaw and a patch has since been released to correct the issue.

However, HP is not the only company vulnerable to such an attack. Epsom and Cannon printers similarly contain the flaws, as do many others. The researchers demonstrated the flaw exists in all-in-one printers, but also suggest the same attack methodology could be used to attack standalone fax machines and fax-to-email services.

This method of gaining access to a network does not appear to be currently used in the wild, although it is possible that fax machines may be used in cyberattacks in the future. Check Point suggests fax machines and network printers should be viewed as a possible weak point in security defenses and steps should be taken to ensure that flaws cannot easily be exploited to gain access to sensitive data, install cryptocurrency miners, and spread malware and ransomware.

Businesses should also only use fax-printers that can be updated and patches should be applied as soon as they become available. One of the best ways to protect against such an attack is through network segmentation. It will not stop an attack taking place, but it will limit the harm that can be caused.

If the fax is located in a segmented part of the network, it cannot be used to gain access to the entire network – such as the parts where highly sensitive data is stored.

Author: NetSec Editor