Vulnerabilities in Fax Machines May Allow Network Access and Exfiltration of Sensitive Data

Healthcare companies still use faxes extensively for communication, and in some hospitals as much as 75% of all communications are via fax. Fax machines are often viewed as secure and an unlikely target for hackers, but new research has shown that a threat actor can not only gain full control of the fax and any information sent through it, but can also use the fax to gain network access and steal data through the phone line.

Researchers at Check Point detected flaws in the fax protocol and successfully exploited them to turn the fax machine into a backdoor that allowed network access. They successfully deployed malware on the network via the fax machine; the malware searched for sensitive files and transmitted them back via fax.

The researchers wrote a script and sent it along with an image file to a targeted fax machine through the phone line. The fax machine received the image file, loaded it into memory, and sent it for printing. The researchers were able to trigger a buffer overflow condition which allowed remote code execution, letting them gain full control of the fax machine. The fax machine was networked, so it was possible to identify computers on the same network and use EternalBlue and DoublePulsar to distribute malware to those devices. The malware was programmed to search for certain types of files and send them back to the researchers via fax. No internet access was needed. The attack was played out entirely via the phone line.

Check Point conducted the attack on an HP OfficeJet Pro all-in-one fax printer, although the same flaws were present in many other manufacturers’ devices. Check Point informed HP about the vulnerability and a patch has now been released to correct the flaw and prevent such an attack from occurring. Other manufacturers are expected to release patches shortly.

Check Point notes that it is not only all-in-one printers that are vulnerable. Standalone fax machines could similarly be attacked using the same method, and fax-to-email services could also be vulnerable to this type of attack.

Check Point recommends that all companies that still use fax machines check that their devices can be updated. When patches are issued, they should be applied promptly. It is also important to use fax machines on isolated networks. Healthcare companies should not use fax machines on networks where protected health information could be accessed.
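The lateral-movement step described earlier and the isolation advice above can both be checked from network flow data. The following is an added example, not code from Check Point or this article: it scans constructed flow records for a fax device initiating SMB connections (EternalBlue is an SMB exploit) or reaching a subnet that holds protected health information. The device inventory, subnets, threshold and log format are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory and network layout (assumptions, not from the article).
FAX_DEVICES = {"10.20.5.10", "10.20.5.11"}         # fax / all-in-one printers
PHI_NETS = [ipaddress.ip_network("10.30.0.0/24")]  # subnet holding PHI systems
SMB_PORTS = {139, 445}   # EternalBlue targets SMB, normally TCP 445
SCAN_THRESHOLD = 3       # distinct SMB destinations that count as a sweep

# Constructed flow records: "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2024-01-01T09:00:01 10.20.5.10 10.20.5.1 53
2024-01-01T09:00:05 10.20.5.10 10.30.0.21 445
2024-01-01T09:00:06 10.20.5.10 10.30.0.22 445
2024-01-01T09:00:07 10.20.5.10 10.20.7.40 445
2024-01-01T09:01:00 10.20.7.40 10.30.0.21 445
2024-01-01T09:02:00 10.20.5.11 10.20.9.5 25
"""

def parse_flows(text):
    """Yield (ts, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        ts, src, dst, port = parts
        yield ts, src, dst, int(port)

def audit(text):
    """Return findings for traffic that originates from a fax device."""
    smb_targets = defaultdict(set)
    findings = []
    for ts, src, dst, port in parse_flows(text):
        if src not in FAX_DEVICES:
            continue  # only connections initiated by a fax device matter here
        if any(ipaddress.ip_address(dst) in net for net in PHI_NETS):
            findings.append(("phi_reachable", src, dst, port))  # isolation gap
        if port in SMB_PORTS:
            smb_targets[src].add(dst)
            findings.append(("smb_from_fax", src, dst, port))
    for src, dsts in smb_targets.items():
        if len(dsts) >= SCAN_THRESHOLD:
            findings.append(("smb_sweep", src, len(dsts), None))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

A fax device has no normal reason to open SMB sessions to workstations, so any `smb_from_fax` finding is worth investigating, and any `phi_reachable` finding means the device is not on an isolated network.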

The Check Point team appear to be the first security researchers to discover the flaw, and no reports have been received to suggest this method of gaining network access is currently being used, although that may not remain the case for long.