Malicious faxes leave firms ‘open’ to cyber-attack

Booby-trapped image data sent by fax can let malicious hackers sneak into corporate networks, security researchers have found.
Since many companies use fax machines that are also printers and photocopiers, they often have a connection to the internal network.
The malicious images exploit protocols established in the 1980s that define the format of fax messages.
The research was presented at the Def Con hacker conference in Las Vegas.
The two researchers said millions of companies could be at risk because they currently did little to secure fax lines.
No security
“Fax has no security measures built in – absolutely nothing,” security researcher Yaniv Balmas, from Check Point software, told the BBC.
Mr Balmas uncovered the security holes in the fax protocols with the help of colleague Eyal Itkin and said they were “surprised” by the extent to which fax was still used.
“There seems to be a lot of organisations, government agencies, banks and others that are still using fax,” said Mr Balmas.
He added that there were historical and legal reasons why the ageing technology was still so prevalent.
“Fax is still considered as visual evidence in court but an email is not,” he said. “That’s why some government agencies require you to send a fax.”
England’s NHS is known to be a big user of fax machines. About 9,000 of them were recently found to still be in use in the service.
Gaining control of the machine that handles faxes, copying and printing can give attackers a foothold on a vulnerable network. They could then use this access to explore and attack the larger organisation, said Mr Balmas.
The weakness emerges in the protocols that define the way the data making up fax messages should be prepared.

Source: BBC

Comment here