All In One Printers with Fax Capability Could Make You Vulnerable to Being Hacked
August 23, 2018 - You may think that nobody uses fax machines anymore, but that isn't true. There are still millions of fax machines with dedicated phone numbers in use. In fact, some industries would still have issues functioning without them. Now researchers have proven that those fax machines can be hacked in such a way that could leave any computer on your network vulnerable to hacking.
This hacking technique is being called a "faxploit," and it is relatively simple for hackers to implement. The technique was demonstrated by Yaniv Balmas & Eyal Itkin - researchers at Check Point - at the recent Def Con 26 Conference. Here is how it works.
All the hacker needs to start a faxploit is the phone number to an all-in-one fax machine that is network connected. The hacker calls that machine. When the machine answers, a document is sent that contains malicious code.
That may sound odd. After all, when you fax a document, you're sending an image. You're not sending a file. At least, that's what we've all be taught.
Your fax machine sees things differently. When a document is received, the fax machine reads the information coming into it as a series of 1s and 0s… in other words, as code. That's how the machine knows what to print. In old-style fax machines, documents were printed very slowly as they came in. But in the fax machines we use today, entire document pages are transmitted and stored in the fax machine prior to printing. And they are stored as code. That means that if you can send a fax containing the correct code, you can actually take over the fax machine. And if that machine is attached to a computer network, you can take over other devices that are attached to the same network.
Once hacker has gained access to the fax machine and its network, he can search attached computers and look for files of interest. Once a file is found, it can be sent back to the hacker via fax.
Businesses that no longer use fax images can protect themselves simply by removing the machines dedicated phone line. This will still allow the machine to function as a scanner and printer. And it still allows it to function as a networked device.
Unfortunately, businesses that do still need fax machines are going to have to change some of their procedures if they want protection. Networked machines shouldn't have a fax phone line. And fax machines shouldn't be networked. Until fax manufacturers make some modifications to the way their machines work, there really aren't a lot of other options.
Here is a video that demonstrates how faxploits work.
Fraud and Scams 
