When we talk about network security, we tend to focus our attention on the most critical components of the network, such as firewalls, routers and servers. In reality, any device that’s on the network can be an entry point for the bad guys. Our concern today is with fax machines – yes, fax machines – and the vulnerability they can bring to a network.
Two researchers from Check Point recently announced their discovery of a vulnerability, being named “Faxploit,” (Detailed Info) with the fax protocol that allows for full remote access to HP Inkjet all-in-one devices. The vulnerability enables attackers to send a specially crafted fax that would then allow them to have full remote control over the HP device. If this HP device is plugged into a network, the attackers are now behind the firewall and can potentially access systems and launch further attacks. Since these multi-function devices are typically also used as printers and scanners, the risk is that they are most commonly found plugged into the network and the scanner may be configured with a network account for storing files on the server.
At this time, there are no known exploits of this vulnerability in the wild. In plain English, this means that the threat is known and has been published, but there are no active viruses or malware that have been found to take advantage of this vulnerability.
There are a number of steps you can take to block this vulnerability. One, if you do not need the fax function of your HP device, simply unplug the phone line going into the unit. Additionally, HP has released updates that will patch the issue with this vulnerability. If you must use the fax option and your model cannot be updated (based on its support status), then it may be possible to configure the network and the device, by locking down the associated user accounts, to isolate the device so that if it did get compromised the exposure is limited.
While the Check Point research was conducted specifically on the faxing capabilities of HP “all-in-one” units, it is believed that all types of fax machines/devices may be susceptible to the same vulnerability. The protocol associated with fax is over 30 years old and does not have any security mechanisms built into it. ADNET is continuing to research the issue and will share more information as we obtain it.