Recent research has uncovered vulnerabilities in fax machines that remote attackers could exploit using nothing more than a fax number. Check Point researchers have identified two critical remote code execution (RCE) vulnerabilities in the communication protocols of millions of fax machines worldwide.

Contrary to the perception that fax technology is outdated, there remains a substantial user base, with over 300 million active fax numbers globally. Industries such as legal services, banking, and real estate continue to rely on fax for secure document transmission. Because many modern fax machines are built into multifunction printers connected to both Wi-Fi networks and PSTN lines, they create a potential entry point for cyber threats.

The vulnerabilities identified allow an attacker to send a specially crafted image via fax, thereby compromising the connected network. The ease with which a fax number can be obtained—often publicly listed on corporate websites—raises significant concerns regarding the security posture of businesses that utilize fax technology.

The attack, termed “Faxploit,” exploits two buffer overflow vulnerabilities: one in the parsing of COM markers (CVE-2018-5925) and the other in the processing of DHT markers (CVE-2018-5924). Check Point’s Malware Research Team demonstrated the attack using common HP Officejet Pro All-in-One printers. Their demonstration video shows how an image file containing malicious payloads can be transmitted via phone lines, leading to unauthorized access to the fax machine’s memory.
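To make the two bug classes concrete from the defender's side, the following added example (not Check Point's or HP's code) walks JPEG header segments and validates COM and DHT sizes before any copy takes place. The 8-byte `com_buf`, the function names and the sample byte strings are assumptions constructed for illustration; the marker values and DHT layout come from the JPEG format itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define COM_BUF_SIZE 8    /* assumed size of the fixed comment buffer */
#define DHT_MAX_SYMS 256  /* a JPEG Huffman table holds at most 256 symbols */
enum jpeg_check { JPEG_OK, JPEG_MALFORMED, JPEG_COM_TOO_LONG, JPEG_DHT_BAD };
uint8_t com_buf[COM_BUF_SIZE];  /* hypothetical destination for COM payloads */

/* DHT payload: repeated [Tc/Th byte][16 code counts][sum(counts) symbols]. */
static int dht_ok(const uint8_t *p, size_t n) {
    while (n > 0) {
        size_t syms = 0;
        if (n < 17) return 0;                 /* header itself is cut short */
        for (int i = 1; i <= 16; i++) syms += p[i];
        if (syms > DHT_MAX_SYMS || syms > n - 17) return 0;
        p += 17 + syms;
        n -= 17 + syms;
    }
    return 1;
}

/* Walk segments up to SOS; check COM and DHT sizes before anything is copied. */
enum jpeg_check jpeg_check_segments(const uint8_t *d, size_t n) {
    size_t off = 2;
    if (n < 2 || d[0] != 0xFF || d[1] != 0xD8) return JPEG_MALFORMED; /* SOI */
    while (off + 4 <= n && d[off] == 0xFF) {
        uint8_t marker = d[off + 1];
        size_t len = ((size_t)d[off + 2] << 8) | d[off + 3]; /* counts itself */
        if (len < 2 || len > n - off - 2) return JPEG_MALFORMED;
        if (marker == 0xFE) {                 /* COM */
            if (len - 2 > COM_BUF_SIZE) return JPEG_COM_TOO_LONG;
            memcpy(com_buf, d + off + 4, len - 2);
        } else if (marker == 0xC4) {          /* DHT */
            if (!dht_ok(d + off + 4, len - 2)) return JPEG_DHT_BAD;
        } else if (marker == 0xDA) {          /* SOS: header segments are done */
            return JPEG_OK;
        }
        off += 2 + len;
    }
    return JPEG_MALFORMED;
}

/* Constructed samples (not captured faxes): SOI, one segment, minimal SOS stub. */
const uint8_t good_com[] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x04,'h','i', 0xFF,0xDA,0x00,0x02};
const uint8_t long_com[] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x0B,
    'A','A','A','A','A','A','A','A','A', 0xFF,0xDA,0x00,0x02};
const uint8_t bad_dht[]  = {0xFF,0xD8, 0xFF,0xC4,0x00,0x13, 0x00, 0xFF,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0xFF,0xDA,0x00,0x02};
```

The walker does not handle fill bytes or length-less markers ahead of SOS; a production parser would need to.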

By leveraging exploits like EternalBlue and Double Pulsar—previously used in notable cyberattacks—the researchers were able to infiltrate the connected network, emphasizing the potential for significant data loss or breaches.

A spokesperson from Check Point stated, “Using nothing but a phone line, we were able to send a fax that could take full control over the printer, and later spread our payload inside the computer network accessible to the printer.” This highlights an urgent need for organizations to reevaluate their network security measures, particularly regarding connected devices such as printers and fax machines.

Given the broad use of fax technology, the vulnerabilities discovered could extend to various models from multiple manufacturers, not just those identified by Check Point. The researchers responsibly disclosed their findings to Hewlett-Packard, which has since deployed firmware patches to remedy the flaws in its all-in-one printers.

Applying the MITRE ATT&CK framework can provide context for the tactics employed during this attack. Initial access was gained through a legitimate fax interaction, while persistence may be established as malware embeds itself within connected systems. Privilege escalation techniques might also be inferred as attackers gain increased access to sensitive data across the network.

In conclusion, this incident serves as a critical reminder for business owners to regularly assess their cybersecurity strategies. With legacy technologies like fax machines still prevalent in corporate environments, it is essential to implement comprehensive security measures to thwart potential exploitation.
