Fax machines may come from the past but remain popular and used by many businesses. According to a survey that was conducted the 2015, about 46,3 millions fax machines are still in use, of which 17 million are believed to be in operation in the United States.
The above figures show the seriousness of the issue to be mentioned below. Too many security researchers are concerned with repairing security gaps in modern technologies such as mobile devices, operating systems, and browsers.
However, some security researchers have also dealt with outdated faxing technology by attacking their communications protocols. 
The Sunday we passed in Def With 26 held in Las Vegas, the Check Point Malware Research Team headed by Yaniv Balmas and security researcher Eyal Itkin presented their findings on fax security.
Researchers have reported security flaws in the HP Officejet Pro All-in-One fax machines, specifically the HP Officejet Pro 6830 all-in-one printer and OfficeJet Pro 8720.
Fax phone numbers are easy to find from the companies' websites. So all that is needed is the appropriate 0day. The attack is pretty simple as long as you have the supplies. The attacker can simply by knowing the target's phone number, fax a malicious file pictures.
The vulnerabilities detected included a buffer overflow security flaw based on “Devil's Ivy” (CVE 2017-976). Vulnerability allows remote code execution.
According to the researchers, an image file can be modified by adding malicious ransomware, cryptominers, or spayware software. Vulnerabilities in the communication protocols of fax machines can be exploited to decode and store malicious software in memory.
So if malware is loaded into memory the target fax is connected to some networks, malware will spread to other systems.
Check Point disclosed its findings to HP, which immediately developed fixes for the firmware of the devices. But according to the researchers:
The same protocols are used by too many fax machines and multifunction printers, or by fax machines such as fax2email. It is very likely that they are also vulnerable to attacks using the same method, which is a very serious threat to organizations that may not know how accessible their entire network is and how their most sensitive information can be exposed through of equipment sitting on the shelf and collecting dust.
________________________________________
- Julian Assange - Lennin Moreno: Clouds in relationship and limitations
- Athena get ready for Facebook's satellite
- CCleaner remove it directly from your computers
