Hackers use fax machines to infiltrate network

Check Point researchers explain how hackers can use an organization's fax machine to hack its computers.

Ohad Tobi ,

Fax machine
Fax machine

Fax machines can be used to hack home or corporate networks, Israel's Check Point software technology company said.

The issue affects all Officejet printers, they emphasized. However, that doesn't mean all other printers are safe.

Check Point researchers Yaniv Balmas and Eyal Itkin found that since many faxes are connected to printers, sending a malicious fax could help them take over the network - even if it's not connected to the internet.

"In an all-in-one printer, one side is connected to the phone line and the other side is connected to the network. So if we could take over the device, we could then move into the internal network," Balmas explained, noting that even though fax machines are seen as secure, hackers have targeted them for "decades."

BBC quoted Balmas as pointing out that "the protocols we use for fax were standardized in the 1980s and have not been changed since." He added that "fax has no security measures built in - absolutely nothing."

Stack overflow, where the software program overloads and crashes, can be initiated by attackers simply by sending a malicious fax.

"All the attacker needs to do is send a malicious fax to this phone number and automatically he will be inside the internal network of this bank. It’s crazily dangerous," Itkin said.

The bottom line, they said, is that plugging a printer into a phone line opens computers to hackers. That way, Itkin explained, even if the printer is targeted, the hacker can't reach the main network.

An HP spokesperson told Wired that, "HP was made aware of a vulnerability in certain printers by a third party researcher. HP has updates available to mitigate risks and have published a security bulletin with more information. ... We encourage customers to keep their systems updated to protect against vulnerabilities."

The company has issued a patch to repair the issues.