Rawpixel - Fotolia
Faxploit: How can sending a fax compromise a network?
Check Point researchers found a fax machine attack allowing attackers to access scanned documents. Discover how this is possible and how users can avoid falling victim.
Sending a fax can compromise your network, according to Check Point Technologies Ltd. researchers. How is it possible for hackers to do access faxed files? What should users do before sending a fax?
Check Point researchers discovered that fax protocols can fail to prevent a malicious image file -- sent through phone lines -- from being printing on a victim's all-in-one printer-fax machine; all the attacker needs is the target's fax number. Using a malicious image file can enable attackers to gain control of a fax machine connected to the victim's network.
Once an attacker locates a computer containing sensitive documents, he can use an exploit script like EternalBlue NSA to attack the computer. The exploit, which researchers dubbed Faxploit, is capable of forwarding confidential documents and printing them on an attacker's fax machine.
In the course of a Faxploit attack, hackers can use a range of attack options, including making copies of documents; such documents often include confidential files faxed to banks, law firms or health providers with sensitive information. All of these files can then be printed on the attacker's fax machine or stored on the attacker's computer.
For example, an attacker could use information stolen from faxed documents to transfer all the money in a victim's accounts to the attacker's bank account. The attacker could also alter the contents of the documents in the victim's computer.
In order to mitigate the Faxploit exploit, admins should read Check Point's advisory on protecting their fax machines and consider all the banking, legal and healthcare regulations on the use of fax machines.
When turning off a fax machine is not an option, security teams should consider network segmentation. Segmentation can limit an attacker's ability to infect other parts of the network.
Furthermore, endpoint protections should be used to add an extra layer of security, and most printer vendors provide patches for security vulnerabilities. Indicators of compromise could include suspicious access to or changes in files, unusual outbound network traffic, red flags in log records, and a spike in file read volume.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)