New research from Check Point Software Technologies Ltd. has shown how organizations and individuals could be hacked via their fax machines, using newly discovered vulnerabilities in the communication protocols used in tens of millions of fax devices globally. A fax number is all an attacker needs to exploit the flaws, and potentially seize control of a company or home network.
The Check Point research demonstrated the vulnerabilities in the popular HP Officejet Pro All-in-One fax printers. The same protocols are also used by many other vendors’ faxes and multi-function printers, and in online fax services such as fax2email, so it is likely that these are also vulnerable to attack by the same method. Following discovery of the vulnerabilities, Check Point shared the findings with HP, which was quick to respond and to develop a software patch for its printers, which is available on HP.com.
Not often perceived as modern-day technology, there are over 45 million fax machines in use in businesses globally, with 17 billion faxes sent every year. It is still widely used in several industry sectors such as healthcare, legal, banking and real estate, where organizations store and process vast amounts of highly sensitive personal data. The UK’s National Health Service alone has over 9,000 fax machines in regular use for sending patient data. In many countries, emails are not considered as evidence in courts of law, so fax is used when handling certain business and legal processes. Nearly half of all laser printers sold in Europe are multi-function devices which include fax capability.