Criminals Can Compromise Company Networks by Sending Malicious Faxes
Check Point has revealed details about the two critical remote code execution vulnerabilities (CVE-2018-5924, CVE-2018-5925) it discovered in the communication protocols used in tens of millions of fax devices globally.
A fax number is all an attacker needs to exploit the flaws, and potentially seize control of a company or home network.
The Check Point research demonstrated the vulnerabilities in the popular HP Officejet Pro All-in-One fax printers.
The same protocols are also used by many other vendors’ faxes and multifunction printers, and in online fax services such as fax2email, so it is likely that these are also vulnerable to attack by the same method.
About Faxploit
Usually seen as outdated technology, there are over 45 million fax machines in use in businesses globally, with 17 billion faxes sent every year.
It is still widely used in several Industry sectors such as healthcare, legal, banking and real estate, where organizations store and process vast amounts of highly sensitive personal data. The UK’s National Health Service alone has over 9,000 fax machines in regular use for sending patient data. In many countries, emails are not considered as evidence in courts of law, so fax is used when handling certain business and legal processes. Nearly half of all laser printers sold in Europe are multifunction devices with fax capability.
Once an attacker obtains an organization’s fax number (which is easily obtainable from corporate websites), the attacker sends a specially created image file by fax to the target. The vulnerabilities enable malware (such as ransomware, crypto-miners or spyware) to be coded into the image file, which the fax machine decodes and uploads to its memory. The malware can then potentially breach sensitive data or cause disruption by spreading across any networks to which the fax machine is connected.
Prevent exploitation
To minimize the security risk, Check Point advises that organizations check for available firmware updates for their fax devices and apply them.
“We worked closely with HP to fix the vulnerability and, following the process of responsible disclosure, they managed to release a patch before this publication. In fact, if your device is already configured to auto-update then the patch has likely already been applied. This patch, however, only applies to HP all-in-one printers and the vulnerability may well still apply to devices from other manufacturers as well,” the researchers noted.
Businesses are also urged to place fax devices on a secure network segment separated from applications and servers that carry sensitive information.
“Once unauthorized access is gained, network segmentation can provide effective measures to mitigate the next stage of intrusion into a network and limit the spread of the attack by lateral movement across it,” they explained.
The good news is that there’s no indication that the vulnerabilities are being exploited in the wild.
“Many companies may not even be aware they have a fax machine connected to their network, but fax capability is built into many multifunction office and home printers,” said Yaniv Balmas, Group Manager, Security Research at Check Point. “This groundbreaking research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations.
Source: helpnetsecurity
Latest Jobs
-
- Public Sector Cyber Security Sales | UK
- England
- N/A
-
Public Sector Cyber Security Sales | UK UK | Remote / Hybrid A cyber security provider is seeking a Public Sector Sales professional to drive growth across UK government and public sector organisations. Must have current Cyber Security sales experience. Responsibilities Generate new business selling cyber security solutions into UK public sector Build relationships with CIO, CISO and senior technology stakeholders Manage the full sales cycle from opportunity to contract close Develop pipeline across central government, local government and public sector bodies Support bids, tenders and framework opportunities Experience Proven cyber security sales experience in the UK Track record selling into public sector organisations Familiarity with CCS, G Cloud or other government frameworks Strong stakeholder engagement and deal management skills Location UK based Security Requirements Eligible to obtain UK Security Clearance
-
- Security Architect | MoD - Security Cleared. OUTSIDE IR35 | Hampshire
- N/A
- Outside IR35
-
Security Architect | MOD | Security Cleared | Outside IR35 | Hampshire Commutable The successful candidate must be willing to undergo DV Clearance, ideally already holding active clearance. You will produce high and low level security architecture documentation, guiding and validating designs for systems deployed within sensitive environments. The role requires providing specialist security input into solution design, service transition and change initiatives, working closely with engineering, operations, client and third party stakeholders. You must have current hands on architectural experience, including VMware secure platform design and virtualisation architecture, alongside AWS expertise. This is an outside IR35 contract- 6 month rolling. Part of a longer term MoD project
-
- Active Directory | RBA engineer | UK Remote | SC Clearable
- United Kingdom
- N/A
-
Technical Active Directory (AD) and RBA specialist needed to play a key part in complex, enterprise scale Active Directory and access transformation programmes. You will work alongside senior team, helping reshape access models, modernise legacy directory structures and strengthen security posture across secure environments. This is hands on delivery within high impact projects where your work directly improves access control, compliance and operational resilience. Active UK Security Clearance required. This is a remote role with client travel. Implementation of Role Based Access Control across large AD estates Restructuring complex permission models, security groups and delegated access Supporting domain controller upgrades and core directory improvements Applying security hardening standards and remediating audit findings Enhancing authentication, policy and access governance frameworks Troubleshooting and resolving technical AD challenges within live environments Producing robust technical documentation and identifying project risks You must have the following technical experience Enterprise Active Directory administration Role Based Access and permission remediation OU design and governance Group Policy management Security group delegation models DNS and DHCP services Kerberos authentication / NTLM PowerShell scripting and automation Azure AD | Entra ID Hybrid identity environments Identity Governance PAM
-
- Identity and Access Management Consultant (Saviynt & Microsoft Entra) | UK
- United Kingdom
- N/A
-
Role summary Technical IAM consultant delivering identity governance and cloud identity solutions to enterprise clients. What you will do Implement / Configure / Deploy Saviynt IGA / Microsoft Entra solutions: Lead technical workshops, gather requirements and translate into solution designs. Troubleshoot complex issues, support testing and deployments. Produce technical artefacts and configuration guides. Key skills Hands-on Saviynt IGA experience (workflow, connectors, access governance). Strong practical knowledge of Microsoft Entra ID / Azure AD identity and access controls. Understanding of identity protocols (SAML, OAuth, OpenID Connect) and hybrid identity. Experience with APIs / REST for integrations and automation. What we are looking for Proven delivery experience in IAM / IGA projects, preferably in consulting. Confident communicator with client-facing delivery exposure.