Your fax machine is probably the weakest link in your cyber security defences

Published on: 14 Aug 2018

The humble fax machine can be targeted and exploited by cyber criminals to obtain sensitive data or spread malware across an organisation, new research suggests.

Check Point Software Technologies has shown how fax machines can be hacked, targeting newly discovered vulnerabilities in the communication protocols used in millions of fax devices around the world.

Many modern fax machines double up as printers and are therefore generally connected to an organisation’s network. This means that essentially, an attacker simply needs a fax number to exploit the flaws and potentially seize control of a company or home network.

Once an attacker obtains an organisation’s fax number - which are easily obtainable from a company’s website - the attacker faxes over a specially created image file to the target.

The device’s vulnerabilities enable malware (such as ransomware, crypto-miners or spyware) to be coded into the image file, which the fax machine decodes and uploads to its memory. The malware can then potentially breach sensitive data or cause disruption by spreading across any networks to which the fax machine is connected.

A spokesman at Check Point said the research highlighted how these overlooked devices can be used to take over networks to breach data or disrupt operations.

It recommended that organisations protect themselves against possible attacks by updating their fax machines with the latest patches and separating them from other devices on their networks.