Fax hacking: it hurts your company very seriously

Fax machines may come from the past but remain popular and used by many businesses. According to a survey that was conducted the 2015, about 46,3 τηλεομοιοτυπικά fax machines are still in use, of which 17 million are believed to be operating in the United States.

The above numbers prove the seriousness of the issue that we will mention below. Too many security researchers are concerned with patching security holes in modern technologies such as mobile devices, operating systems and browsing.

Some security researchers, however, also dealt with the outdated one of fax machines by attacking the communication protocols they use. fax

The Sunday we passed in Def With 26 held in Las Vegas, Check Point Malware Team με επικεφαλής τον Yaniv Balmas και τον ερευνητή and Eyal Itkin presented their findings on fax security.

Researchers have reported security flaws in the HP Officejet Pro All-in-One fax machines, specifically the HP Officejet Pro 6830 all-in-one printer and OfficeJet Pro 8720.

Fax phone numbers are easy to find from the companies' websites. So all that is needed is the appropriate 0day. The attack is pretty simple as long as you have the supplies. The attacker can simply, knowing the target's phone number, fax a malicious .

The vulnerabilities identified included a buffer overflow security flaw based on “Devil's Ivy” (CVE 2017-976). Vulnerability allows remote code execution.

Σύμφωνα με τους ερευνητές, ένα αρχείο ς μπορεί να τροποποιηθεί με την προσθήκη κακόβουλου λογισμικού ransomware, cryptominers, ή spayware. Οι ευπάθειες στα πρωτόκολλα επικοινωνίας των συσκευών fax μπορούν να αξιοποιηθούν για να αποκωδικοποιήσουν και αποθηκεύσουν το κακόβουλο λογισμικό στη μνήμη.

So if malware is loaded into memory the target fax is connected to some networks, malware will spread to other systems.

Check Point disclosed its findings to HP, which immediately developed fixes for the of the devices. But according to the researchers:

The same protocols are used by many fax machines and multifunction printers, or in fax email services such as fax2email. So it is very likely that they are also vulnerable to attacks using the same method, which is a very serious threat to organizations who may not know how accessible their entire network is and how the most sensitive can be exposed. them through equipment sitting on the shelf gathering dust.

________________________________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).