Faxploit – Fax Machines Allow Hackers To Take Over An Entire Network

While we have been hearing plenty of peculiar reports from the Def Con hacker conference, here comes another piece of interesting news. Researchers from CheckPoint Software presented a detailed report at the conference explaining ‘Faxploit’ – a term they coined to refer to a fax machine exploit.

Faxploit – Allowing Hackers To Exploit Fax Machines For Massive Hacks

Researchers at CheckPoint Software discovered several vulnerabilities affecting all-in-one printers. They presented a detailed report at Def Con Las Vegas explaining how hackers can exploit fax machines to gain further leverage over an entire network.

Conventional fax machines have since been transformed into all-in-one printers and will likely remain in most offices for a while. Many of these printers utilise WiFi, Ethernet, and Bluetooth.

Summarizing their work for the ‘Faxploit’ discovery, the report states,

“Using the HP Officejet Pro 6830 all-in-one printer as a test case, we were able to demonstrate the security risk that lies in a modern implementation of the fax protocol. Using nothing but a phone line, we were able to send a fax that could take full control over the printer, and later spread our payload inside the computer network accessible to the printer.”

After discovering the vulnerability, the researchers informed HP about it on May 1, 2018. Then, after months of continuous collaboration between HP and the researchers regarding the flaws, HP patched the vulnerabilities on August 1, 2018. The researchers then disclosed their report publicly at Def Con 2018.

Is ‘Faxploit’ A Red Alert For Network Security?

The discovery of Faxploit gives food for thought to cybersecurity researchers, experts, and analysts. Indeed, such vulnerabilities raise concerns about the number of network devices that could be vulnerable.

PC Mag comments on these findings in the following way,

“There are really two issues here. The first is that the fax-enabled machine was able to execute arbitrary code sent to it remotely. There’s no reason for this to happen, especially from files sent via fax line. The second more pressing issue is one of device security. When we think about secure networks, we probably think about computers, servers, and maybe phones. Those obviously need to be locked down. But what about the routers, Wi-Fi printers, repeaters, smart light bulbs, and other devices on the same network? If these independent devices are accessible over the internet, then they can become beachheads for the invasion of a secure network.”

Certainly, under such circumstances, no one can ever be sure that one's office equipment is free of vulnerabilities.

Max Eddy, Software Analyst at PCMag, while speaking with LHN made the following comments:

“Manufacturers and customers need to take a holistic view of their networks and devices. Just because it doesn’t have a screen doesn’t mean it can’t be a target.”

He further expressed his concerns about such vulnerabilities affecting organizations and their consumers.

“The point of research like this is to be a wakeup call for vendors and corporate decision makers. Vendors need to take security seriously and consider that their devices can be used in an attack. The people who decide how to allocate corporate budgets need to listen to their IT people, most of whom understand that any device connected to the network is a potential threat.”

Possible Solutions?

Though HP has already released a patch for Faxploit, we never know when such bugs could appear in other devices too. Such bugs have the potential to trigger massive cyber attacks at the organizational level that had previously not been considered. CheckPoint researchers didn’t explain too much about how such vulnerabilities can be controlled on larger scales. Nonetheless, Max Eddy shared some quick tips with us on the matter.

“One way to protect corporate networks is segmentation. Having separate networks for computers, connected devices (like printers and smart devices), and guest access makes it much harder for an attacker or automated malware to spread across a network. Basic security practices, like staying up-to-date on patches and changing default passwords are a must. The best option is to think critically about what devices are allowed on corporate networks and what are not. Does the CEO really need a smart coffee maker, or will a dumb one do?”

Interestingly, this news adds another issue to the HP printer bug reports we covered a few days ago. Ironically, this all happened right after we heard of the first-ever printer bug bounty program by HP.
