Fax machines and all-in-one devices could be used by hackers to infiltrate networks.
According to security researchers at Check Point Software, there are a number of flaws in the fax functionality of all-in-one printers that let attackers take control of such devices.
In a blog post, researchers Eyal Itkin and Yaniv Balmas said that with just a phone number, it was possible to send a malicious fax to an organisation that would gain control of the device it was sent to.
Using an HP Officejet Pro 6830 all-in-one printer as a test case, researchers were able to find problems with the modern implementation of the fax protocol.
"Using nothing but a phone line, we were able to send a fax that could take full control over the printer, and later spread our payload inside the computer network accessible to the printer," they said.
The flaw is connected to the all-in-one printers that support Group 3 (G3) fax protocols. "This standard defines the basic capabilities required from the sender and the receiver, while also outlining the different phases of the protocol," said researchers.
This is exploited during a receiving handshake of the device.
"We could reach this vulnerability by sending a huge XML (> 2GB) to the printer over TCP port 53048 thus triggering a stack-based buffer overflow. Exploiting this vulnerability then gave us full control over the printer, meaning that we could use this as a debugging vulnerability," said researchers.
"We believe that this security risk should be given special attention by the community, changing the way that modern network architectures treat network printers and fax machines. From now on, a fax machine should be treated as a possible infiltration vector into the corporate network."
They said that similar vulnerabilities are likely to be found in other fax implementations, such as fax-to-mail services, standalone fax machines, etc.
"Once an all-in-one printer has been compromised, anything is possible. It could be used to infiltrate the internal network, steal printed documents, mine Bitcoin, or practically anything," said researchers.
They estimated that hundreds of millions of fax machines are still in use around the world and that tens of millions of all-in-one printers are sold worldwide each year.
Researchers added that they have been working with HP to fix the vulnerability and, following the process of responsible disclosure, HP managed to release a patch before this publication.
Nicholas Griffin, senior cyber-security specialist at Performanta, told SC Media UK that these vulnerabilities will certainly be exploited by attackers due to the ease of doing so.
"Instead of trying to phish your employees, attackers can now send an undetectable attack over the phone and gain instant access to your internal network. Certain industries rely heavily on fax machines – like the legal community and the NHS. The best form of defence here is to unplug your fax machine’s phone line," he said. "If you are using a HP machine, patch it immediately as a matter of criticality."
Anthony Chadd, senior director, EMEA, Neustar, told SC Media UK that in order to stay ahead of potential attacks via fax, security teams must make it a priority to source and deploy the correct patches and/or microcode from vendors.
"After deployment, the performance should be continually examined for critical applications and services - because knowing what is normal for the environment is key to staying ahead," he added.
HP told SC Media UK that it was "made aware of a vulnerability in certain printers by a third-party researcher. HP has updates available to mitigate risks and have published a security bulletin with more information. HP takes security seriously and we encourage customers to keep their systems updated to protect against vulnerabilities."