Security researchers at Check Point were able to infiltrate a network by attacking a fax machine with malicious files.
There are plenty of online fax services out there, but many organizations still have all-in-one printers and other fax-connected devices on their network.
Researchers at Check Point Software recently published a report at the Def Con hacker conference in Las Vegas showing how those device could become a gateway for attackers to gain access to your entire network. The researchers found critical vulnerabilities in several all-in-one printers. Using what they called a ‘Faxploit,’ they chose an HP device and sent an image file to the printer’s fax number disguising lines of malicious code.
Once stored in the machine’s memory, the researchers were able to use the fax machine as a jumping-off point using «lateral movement» to infiltrate an entire network and the computers connected to it. Check Point worked directly with HP to fix the vulnerability, which release a patch before the research was published
Check Point said the unsecured phone line represents a dangerous attack vector that’s not properly secured for the hundreds of millions of fax machines and all-in-one printers still in use around the world. Industries such as the medical community are at particular risk, though there are efforts to end physical fax machine use by 2020.
The researchers said online fax services using the T.30 fax protocol could be at risk as well, and recommended that organizations segment their network and of course regularly install security patches on any fax machines or all-in-one printers connected to their network.
There are really two issues here. The first is that the fax-enabled machine was able to execute arbitrary code sent to it remotely. There’s no reason for this to happen, especially from files sent via fax line.
The second more pressing issue is one of device security. When we think about secure networks, we probably think about computers, servers, and maybe phones. Those obviously need to be locked down.
But what about the routers, Wi-Fi printers, repeaters, smart lightbulbs, and other devices on the same network? If these independent devices are accessible over the internet, then they can become beachheads for the invasion of a secure network.
This problem of supposedly secure devices being exposed (or partially exposed) online has been the foundation of many attacks—both as research projects and in the wild.
At Black Hat 2018, for example, a researcher revealed that he was able to connect to the satellite communications systems of ships and aircraft inflight because the device’s modems were accessible over the internet. In fact, malware sometimes spreads automatically, simply looking for insecure devices connected to the internet. In the SATCOM talk, the researcher found that many ships were already infected with an Internet of Things (IoT) botnet and found another trying to install itself on an aircraft.
Manufacturers and customers need to take a holistic view of their networks and devices. Just because it doesn’t have a screen doesn’t mean it can’t be a target.
