Fax Vulnerability Found

Would you ever have guessed that hackers could break into your network with just a fax? Few businesses would, but this new fax vulnerability can be that simple. Hackers need only to send a tainted fax to break in before moving to steal data and infecting other systems. And yes, all-in-one printers set up to receive faxes are also weak to this issue! Here’s a bit on how it works.

 

So how do hackers use this fax vulnerability?

Fax machines and all-in-one printers are really just specialized computers. So although many people think of them as just printing, faxing, and scanning, they have hard drives and memory just like any other computer. This means that hackers can break into them and use them much like other computers on your network.

Fax devices take electronic signals and convert them into images. So if hackers corrupt those images with malware, they can use that image to take over the device. All they have to do is send the fax to your device. And since fax capable devices are rarely secured, most businesses will never notice.

After that, they are inside your network, and they can try to infect other computers or even steal data.

 

How could they cause a breach?

The interesting thing is that hackers can get data out without using methods firewalls typically look for. All they have to do is use the device to send a fax with the data to themselves— a normal function for fax machines. This makes fax machines and all-in-one printers important to secure and to treat as possible sources of breaches.

 

What do I do about this fax machine vulnerability?

First of all, make sure to regularly update your all-in-one devices. HP already published updates to fix this on many of their devices, and hopefully other vendors will soon too. But keep in mind that some older fax machines may never get these updates, and you will need to isolate these from your network.

If you choose to leave fax enabled all-in-one printers connected to your network, then you need to be sure to monitor them. Watch for unusual bursts of data sent to the device and for it sending faxes while not in use. These signs may indicate a serious problem or possible data breach.

 

What’s next?

Ultimately, businesses need to view fax enabled all-in-one devices as a possible breach source and treat them like one. For many businesses this may mean getting rid of fax all together, for some it may mean additional precautions. But be sure to weigh the benefits of faxing against the risks of data breach.

If you need help with this, or with taking the next steps to keep your devices secured, Astria is here to help. We can take a look at your network and help you isolate fax enabled devices and make sure they aren’t a threat. Make sure you avoid this new fax vulnerability— contact us today for help!