Stealing corporate data by only using a fax number?

Fax machines are still a part of many corporate environments, but rarely does anyone perceive them as a cybersecurity risk.

They are commonly spotted in the healthcare, legal, real estate, and banking industries since they allow for quick document printing. Data from 2015 suggests that there are still 46.3 million of them in use and about one-third of them are located in the United States.

Now here’s the thing, researchers from all around the globe are focusing their energy on coming up with answers to cybersecurity flaws found in operating systems, mobile devices, and browsers. However, no one seems to be thinking about doing the same for fax machines, which sets up the scope for a potential cyberattack.

Researchers have demonstrated it is indeed possible to compromise an enterprise network through fax communication protocols.

At this year’s Def Con 26 in Las Vegas, security researchers Yaniv Balmas and Eyal Itkins showcased their findings in front of an audience, demonstrating security flaws in three OfficeJet fax machine models.

Fax numbers are easy to come across and can often be obtained merely by visiting the company’s website. After that, a hacker can send a malicious image file to the fax machine. Researchers warn us that malware of various sorts can be executed through the vulnerabilities in these fax machines and spread across the network, including cryptominers, surveillance tools, and ransomware.

If the fax machines are connected to a network, the infection could spread to other systems as well. The researchers disclosed the news to HP which has already issued a firmware patch in response.