Malicious Faxes Leave Firms 'Open' To Cyber-Attack

Booby-trapped image data sent by fax can let malicious hackers sneak into corporate networks, security researchers have found. From a report: Since many companies use fax machines that are also printers and photocopiers, they often have a connection to the internal network. The malicious images exploit protocols established in the 1980s that define the format of fax messages. The research was presented at the Def Con hacker conference in Las Vegas. The two researchers said millions of companies could be at risk because they currently did little to secure fax lines. "Fax has no security measures built in -- absolutely nothing," security researcher Yaniv Balmas, from Check Point software, told the BBC. Mr Balmas uncovered the security holes in the fax protocols with the help of colleague Eyal Itkin and said they were "surprised" by the extent to which fax was still used.

How exactly does this work?

[Oswald+McWeany]

How exactly does this work, is this some sort of injection attack- where a badly formatted image file somehow includes code to take over the fax machine's operating system instead?

If so this is really poorly designed- an incoming fax should be isolated from everything except printing off the incoming fax.

Re:How exactly does this work?

It's mentioned in the article. Because faxes are now commonly received on networked copiers.

Re: How exactly does this work?

[peragrin]

Except for us all faxes go to a targeted email address. Usually a general inbox.

While not hooked up, our old fax machine is a copier, scanner printer. All scans automatically do into a folder. Faxes used to do the same thing but we moved the fax number to a digital service.

Ideally ditching faxes all together would be great, just can't be done yet. To many still use them to send data.

Scanning is not always tech illerate friendly. Where sending a face is a phone number and press send

Re:How exactly does this work?

It's an attack over the phone line, so no network communication is involved in the exploit stage. That particular fax machine implements a protocol extension which allows the transmission of color faxes. This is achieved by sending a JPEG file instead of the typical black and white data. The attack exploits a bug in the JPEG decoder. With remote code execution achieved, the attack then proceeds with a payload that attacks the network to which the fax machine is connected.

The technical paper is at: https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/

Re:How exactly does this work?

[sakono]

Looking at the link..I am a bit over my head but does this effect digital fax or just the old analog lines? Company i work at just went to digital fax so the faxes come over the network and not the old phone cords. lest on the mfp side. No idea how the server side is set up, as they wont say.

Re:How exactly does this work?

Anywhere you have code that deals with non-trivial data structures, there is a potential for exploitable bugs. This is an attack on a particular device, possibly a particular series of devices, and it works by transmitting a malformed color fax over the phone line to the vulnerable device. It is not a generic protocol vulnerability.

Re:How exactly does this work?

I can't imagine you taking over my 1997 fax machine, nor it being terribly useful if you do. Altho it might qualify as a 'high-draw' appliance for the other article if you do :O

Why is the default condition for confused computers "Do what ever you want' ?!? When I get confused I go to sleep. they should try that....

Re:How exactly does this work?

It makes perfect sense when you think about it.

Those multifunction devices are a posterchild for shitty software practice. Closed source proprietary platforms, never updated, treated like appliances - plugged in and forgotten. In reality they're just network connected computers attached to expensive peripherals.

And if you've ever dealt with them you'll know that the printer device industry has among the most laughably shit software around. I'd be suprised if you found a single input that was not vulnerable to an overflow.

The fax line is the perfect penetration point. An out of band interface with no firewall (Fuck, it's not even an OSI model device), accepting anonymous connections with no authentication. Trigger and overflow with some carefully crafted fax transmission and you own the system.

Re:How exactly does this work?

[Darinbob]

But it still involves badly designed software. FAX isn't the big deal here, it's the blind obedience to the meta data in the FAX that is the problem.

I used to think that viruses in PDF files were bizarre myself because what self respecting PDF reader would actually write. Or what self respecting email viewer would decide to automatically run executable attachments? What self respecting web browser would rely upon third party scripts? Etc.

Security is the last concern of many products because it slow down development and gets in the way of profits (and they'd probably have to hire someone older than 25).

Re: How exactly does this work?

[bferrell]

>> Ideally ditching faxes all together would be great, just can't be done yet. To many still use them to send data.

And the legal system, at least in the US, officially recognizes faxes as legal documents

Re:How exactly does this work?

[planux]

L(should have)GT: https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/

I attended this talk yesterday, and it was by far the best talk I attended at defcon26. The researchers did some amazing work to get this exploit. You can get the full tail of hackery at the link above, but here's my (probably/mostly correct) summary:
 

• At some point, the fax standard was amended to include support for JPGs, in order to allow full-color faxes
• As the researchers wrote in the above-linked blog article, "For some unknown reason, firmware developers tend to re-implement modules that are already implemented in major popular open sources. This means that instead of using libjpeg [ref.13], the developers implemented their own JPEG parser."
• When the All-in-One device receives a JPG fax, it stores the whole JPG file in local storage (on disk, essentially). This differs from how it processes TIFF files, where the headers and image data are separated. Because the whole JPG file is stored as a normal file, it gives the attacker a platform from which to operate.
• The firmware-developer-implemented JPG parser has a number of bugs, including buffer overflow vulnerabilities in the COM (CVE-2018-5925) and DHT (CVE-2018-5924) markers. It turned out the bug in the DHT marker parser was the easier one to exploit.
• Exploiting the DHT marker parser buffer overflow gets them arbitrary code execution. The code they want to execute is stored in the remainder of the JPG file. Because the OS on these All-in-One devices has no security controls and everything runs with highest privileges, they were able to use this ability to overwrite the LCD screen (to visually prove pwnage) and then to use the Eternal Blue and Double Pulsar (which they managed to squeeze into the ~4000 byte payload they had available in the JPG file) exploits to start attacking other hosts on the network. Since these All-in-One devices tend to be connected to the office network (else, it's hard to print on them), this presents an excellent jumping off point for attacks.

All in all (all-in-one?) this was some amazing research and the full article is well worth a read.

Re:How exactly does this work?

Buy a phone number from Ringcentral. Sent faxes go to RingCentral and get turned into a PDF to the secretary. Done.

Re:How exactly does this work?

[thesupraman]

No, its not.

At present its the equivalent of saying 'letting a client whistle in your offices opens you to malicious attack because your Pc/smartphones microphones are digitising that data' without shoing ANY EVIDENCE AT ALL that there is actually a workable volnerability via such a path.
The mere fact that your microphones may not (ignoring the wonders of siri/google/etc/etc) actually be being used by any software that could have such a vulnerability seems irrelevant to there 'researchers'.

Their message is basically 'there is data! panic! run for the hills!'

Hell, next they will be warning people that a hacker could modulate the incoming mains power causing the lights to flicker in JUST the right way to cause a webcam attached to a computer to 'hack' the system via... well, they doont need the via part is seems, just hand waving and 'I'm a security expert! bow before me!'

Re:How exactly does this work?

They found and demonstrated an actual vulnerability that is exploitable by sending a malformed fax. Your turn.

Re:How exactly does this work?

The researchers go out of their way to point out that normal black and white faxes are not sent by transmitting TIFF files, but instead the transmitted data and the meta information are turned into a TIFF file by the receiving device when a fax is stored. The wire protocol for black and white faxes does not involve TIFF files, but the wire protocol for color faxes involves sending actual JPEG files. Please don't perpetuate the "Fax = sending TIFFs" myth.

Re: How exactly does this work?

They not only demonstrated full control of the machine but near instantaneous transmission of eternal blue to a networked machine nearby.

Re:How exactly does this work?

Thank you for the link with the details!

just the faxes, ma'am

[guygo]

Maybe we can finally get rid of one of the klugiest pieces of technology ever invented. Email anybody?

Re:just the faxes, ma'am

[SemperOSS]

Well, if you're out in the woods with no internet connection, no mobile coverage but have two copper wires connected to a telephone exchange, fax can be your saviour.

The real reason for the fax predominance, I believe, is that it is 1) "known" technology, which means that technophobes like my previous solicitor could understand it and use it, and 2) it is easier to use than most scan-to-E-mail solutions (even for tech-savvy people).

Have you tried to enter the E-mail address on the small, resistive touch-screen of a scan-2-mail device? Many people resort to using ballpoint pens (without the pen extended) as the sensitivity of the touch-screen is abysmal and the interface is often rather counter intuitive, making the whole ordeal a nightmare. I have tried quite a few and find the drop-the-paper-in-the-feeder-and-dial of fax much easier.

In my home office I rarely use fax but I do use a small scanner next to my computer to handle most of my scanning needs (receipts and such) and only go to the multi-function printer when I need high-volume scanning.

Re:just the faxes, ma'am

[kelemvor4]

Maybe we can finally get rid of one of the klugiest pieces of technology ever invented. Email anybody?

Others might describe it as one of the most solid and useful pieces of tech ever invented. As evidenced by the fact that it's widely popular after so many years and even those with no technical skills at all can send and receive faxes.

Personally, I prefer email. However if someone with no tech skills needs to send me a document image it's often far easier to just send a fax rather than spend an hour trying to teach the person to scan, then save in whatever format, and then send via email or other method (if the file is too large for email, often a problem). You get the idea.

Re:just the faxes, ma'am

[guygo]

yeah.... and 30 miles per hour! How can a person breathe at that speed!

Re:just the faxes, ma'am

[AvitarX]

Also, people don't want to e-mail sensitive information, but have no concerns faxing it.

Re:just the faxes, ma'am

That's because there are all sorts of laws around wiretapping and POTS lines as they have "common carrier" status but those laws don't apply to things being sent over the internet as they are not classified as "common carrier." Also they have been around a lot longer.

Re:just the faxes, ma'am

[ArchieBunker]

You've obviously never worked with any government agencies.

Re:just the faxes, ma'am

[AvitarX]

Sure,

but would you really say fax is safer because it's harder to legally snoop on?

Also, there's a decent chance if I fax something, it's going to be converted to e-mail anyway (I'd bet well over 50%).

Re:just the faxes, ma'am

[pnutjam]

There are machines that make emails as simple as faxes, it's mostly regulatory issues that keep faxes around. They are exempt from many security considerations.

Re:just the faxes, ma'am

[guygo]

Right, 65 years old and I have never once had a chance to work with a government agency, is that your contention? Sure. You obviously never make assumptions about others nor overstate anything, huh?

Re:just the faxes, ma'am

[omnichad]

The real reason it's still in use is that a faxed copy of a signed legal document counts as a legal original in most cases in the US. This loophole really needs closed in today's age because it enables fraud but nobody has taken the time to challenge it.

Re:just the faxes, ma'am

[bferrell]

Nope. Not until courts recognize email as a legal immutable document

Re:just the faxes, ma'am

[tehcyder]

Well, if you're out in the woods with no internet connection, no mobile coverage but have two copper wires connected to a telephone exchange, fax can be your saviour.

You can fax for an Uber to come and save you?

Why faxes are used

Faxes are still used, whether digitized or old-fashioned, because of the court system. A signed and faxed form carries the weight of a physical contract. A signed and emailed form does not.

Re:Why faxes are used

old ppl still use checks so yeah

Re:Why faxes are used

[Oswald+McWeany]

Faxes are still used, whether digitized or old-fashioned, because of the court system. A signed and faxed form carries the weight of a physical contract. A signed and emailed form does not.

Which itself is a bit odd, because you can print out an e-mail and then fax it. So it's not like Faxes prevent some sort of image editing fraud that could happen with an e-mail.

Re:Why faxes are used

[Attila+Dimedici]

This is no longer true...and has not been for over 10 years.

Re:Why faxes are used

old ppl still use checks so yeah

millennial's use txt spk so yeah

Re:Why faxes are used

old ppl still use checks so yeah

Young people still use checks. You in college? Paying tuition gets hit with a 3% fee for credit and debit cards at every college and university I know of.

Hundreds of dollars just to pay for your semester. Using a check, there is no fee.

Re:Why faxes are used

This is no longer true...and has not been for over 10 years.

Some ambulance chasers are making a killing with that sentiment, but the law and competent judges disagree.

Re:Why faxes are used

[omnichad]

Fighting established precedent is just as hard as establishing new precedent in case law. It's always been trivially easy to commit fraud over fax with regard to signatures. Technology only makes it easier. The same thing but on a computer was sanely rejected because of security concerns. It takes a lot more to challenge the established precedent on faxes.

Re:Why faxes are used

[Darinbob]

What else would you use?

Re:Why faxes are used

[Tony+Isaac]

No.

My company specializes in serving subpoenas for documents related to car accident cases, and collecting documents to deliver to the court. There is absolutely no legal advantage of fax over email, when it comes to contract enforcement or other court purposes. Legally, a simple email (signed or not) carries the weight of a signed contract.

Where fax DOES have an advantage is in HIPAA compliance. Fax is considered "secure" because it is (or was) so seldom hacked. This allows physicians and lawyers to transmit protected health information electronically, without having to worry about password-protected files. It's lazy, but effective.

Re:Why faxes are used

[antdude]

Faxing is still popular in Japan even though that country is very high tech. https://www.bbc.com/news/busin... says even casette tapes are still popular!

Re: Why faxes are used

How are ambulance chasers making a killing on that sentiment?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Fax won't go away for a very long time

Fax machines aren't replaced by emailing scans. They are being replaced by holding documents up in front of a smart phone camera.

Legal documents

Scanning and emailing a document - where it can be FWD: FWD: FWD: ... - is unacceptable.

And in many jurisdictions, it's not considered legally valid if you email it.

Re:Legal documents

Scanning and emailing a document - where it can be FWD: FWD: FWD: ... - is unacceptable.

If the recipient uses a fax-to-email service as their fax number, how is that any different?

Re:Legal documents

[xvan]

If only there was a technology that could validate the authenticity of a digital document. You know, like a signature at the bottom of paper document. We could call it digital signature.

Re:Legal documents

[Attila+Dimedici]

This has not been true in the U.S. for well over 10 years. I know that I used to believe that it was true, but I am not sure that it was.

Re:Fax won't go away for a very long time

Besides, emails (unless encrypted, yea everyone does this), are simply postcards in the mail.
Anyone can read them with a little effort.

I would not want my SSN scanned and then sent via email, vs faxed.

Re:just the ITU standards, ma'am

Seems some can't let go of their stereotypes.

T.38
https://en.wikipedia.org/wiki/T.38

T.37
https://en.wikipedia.org/wiki/T.37

Mr. Robot: It's not just Cyber-Attack

[mykepredko]

I can't believe that nobody's noted that Elliot in Mr. Robot used a faked Fax to get access to Police data: https://www.theverge.com/2016/...

Fax me the oringal...

If the comment "We can only accept a fax of the original document" still is being said fax will always be around. Who says I didn't make it PDF and print the PDF 100 times and fax you the last copy? People have asked to fax checks. There is no end to the misunderstanding of faxing.

Re:Fax me the oringal...

[Scarletdown]

My paper supply in my main printer is getting low. Could you fax me a few blank sheets? :D

Re:Fax me the oringal...

[nuckfuts]

My paper supply in my main printer is getting low. Could you fax me a few blank sheets? :D

I could fax you a few black sheets. Then your toner will also be low.

Re:Fax me the oringal...

[Scarletdown]

Just send it to my IP address: 127.0.0.1

Re:Fax won't go away for a very long time

[Big+Bipper]

I've been retired for a couple of years, but we always had to keep a POTS line around for the fax ( burglar alarm too ) as fax wasn't reliable over VOIP. If faxing over VOIP can't be / hasn't been fixed then the migration to VOIP should kill off fax sooner than later.

Re:Fax won't go away for a very long time

Which is why I'm so disappointed smartphones cannot send an actual fax from that photo, while there is no technical reason they could not. You'd create interop that way. But of course nobody is interested in that sort of thing, when we could pretend for progress by throwing out useful working stuff instead.

Just like I'm disappointed --again-- by the idiots making a big fat ruckus about a piece of otherwise useful technology as if it's all broken, when in fact it's a small corner case in a limited range of a certain manufacturer's products. Of course that needs fixing, but "reporting" like this makes it seem all faxes are a giant backdoor in every organisation, which simply isn't true.

Thanks for breaking it, "hacker" idiot wannabe-heroes.

Re:Fax won't go away for a very long time

I imagine that if you could reverse engineer an uncommon operating system running on an embedded computer with just serial output for debugging, dig through binary application code and find an exploitable bug in a custom JPEG decoder, you would not be overly offended by some loudmouth anonymous coward calling you an idiot wannabe-hero. I'd expect it is somewhat like people calling me a cheater when I obliterated them in online FPS. Always a good chuckle.

Re:Fax won't go away for a very long time

[tlhIngan]

It's been around so long and it's survived this long. Too many people aren't capable of scanning something, then emailing it. Any bets on when the last fax machine will be taken out of service? 20 years? 30?

That's because fax is simple. It's a technology that's really boiled down what it does to the ultimate in simplicity.

To set it up, you connect it to a phone line and power. You can set it up further if you want, but as far as its basic needs, they've been met.

To send a fax, you stick the paper into the document reader, dial the number and press start. The machine will figure out what to do and your pages are magically sent off to the recipient. Hope you got your number right.

To receive a fax, you really do... nothing. It just sits there and answers the phone.

Some fax machines even print you a receipt after it's done.

Brain dead simple.

Try emailing a scan to someone, and how many steps that requires - from scanning the document to your computer and then attaching it to send out. Even with software that automates it all, it's still not quite dump it, push it, and forget about it.

If you have a fancy scanner, it may allow you to scan to email so you can almost do it by entering the recipient's email at the machine. But few scanners do this.

You're far more likely to just have someone take a photo of the document and send it via mms or something.

Re:Fax won't go away for a very long time

[Oswald+McWeany]

To send a fax, you stick the paper into the document reader, dial the number and press start. The machine will figure out what to do and your pages are magically sent off to the recipient. Hope you got your number right.

A previous company I worked for had the fax number incorrect on a lot of their documentation that was handed out to clients, including fliers and business cards. The number listed as a fax number for the company was actually an "adult services" phone number. We never found out if that was done intentionally as a joke by someone or just a simple error. (the number was two digits off the correct fax number).

No client ever reported a problem and to my knowledge the mistake was never discovered... we almost never received a fax- and if we did it was from already established clients who had known the correct number already.

Japanese business avoids Net uses fax instead

[Gnostic+Teflon]

Japanese business has avoided the Net because of it's reputation for black had activity. Now that the bad actors like the NSA, the Russians and the Chinese are aware that they now can exploit this avenue, Japanese business is a sitting duck waiting to be shot.

Re:Fax won't go away for a very long time

[omnichad]

T.38 protocol will encode/decode fax data for transit over an IP network.

Copper wires = modem

[DrYak]

Well, if you're out in the woods with no internet connection, no mobile coverage but have two copper wires connected to a telephone exchange, fax can be your saviour.

From a purely technical point of view, if you can manage to connect a fax to those pair of copper wires, that means you can connect to an analog Modem (somewhere between 33 and 56k bits) or an ISDN digital signal (64k), because Fax machines ARE basically modems (pouring data into a printer with only a simple picture compression in the middle).

You could as well wire your copper wire to the appropriate type of modem and do way much more, including PPP to get IP packets.
Maybe not use the modern Web (where every single page seems to need a giant katamari of multi-megabyte disjoint javascript frameworks)
but there could be lots of other low bandwidth possible things beside pushing compressed pictures around.
(text e-mail, connecting to some remote machine with better connection to handle your stuff, etc.)

Basically, a pair of copper wires IS a potential internet connection.

But for the rest, I agree.
doing weird things with a modem on pair of copper wires is something specific to /. geeks.
A fax machine is something that is granpa / granma-proof, because said grand-parents literally already used one in their past jobs before retiring.

Have you tried to enter the E-mail address on the small, resistive touch-screen of a scan-2-mail device?

Yes, did it successfully using a full blown keyboard because said machine accept configuring over a HTTP interface to input presets.
From there, most of interactions a just push 1 or 2 buttons to "mail scan to preset 1" (which is my address, or on some machine could even be an SMB networked share instead of an actual e-mail address), and then all the remaining processing is done from a laptop.

Re:Copper wires = modem

[SemperOSS]

If you or I lived there, we would probably find a modem somehow and also an internet provider that had dial-in lines. Living in the UK, the latter is not the easiest (OK, there are a few "free" services that offer dial-up but on 0844 or 0845 numbers where you pay a small premium on the call) but none of the big suppliers offer that service now, to the best of my knowledge. Luckily, modems are still to be had and at a fairly low price. (About GBP6/$10 for a USB 2.0 56K + fax modem.) Fax machines are sold by almost every office supply merchant whereas modems are not. (Again speaking of the UK.)

The E-mail-enabled printers I have worked with were not configured for network setup of scanning to mail* and while many E-mail addresses were stored in memory, subject lines and attachment naming still required the use of the unpleasant touch-screen keyboard.

* Not entirely true as my current Epson multi-function printer can do everything over its wireless connection, which gives me the opportunity of scanning remotely and send off. Neat for bigger batches of papers to scan otherwise I just use my Canon flatbed scanner.

No content to support the vague claim.

In most machine the fax side is neatly separated from the network side. So much so that the fax board is optional. Inbound transmissions have some hand shaking which is mostly standard. While some mfg have special modes they mostly all support the same basic modes. The IMAGE data is transmitted and the transmission is closed. The fax image is printed, saved locally, emailed, or possibly saved to the network as an image typically a Tif or PDF. Possibly there is some machine that will ocr a received fax. Could you crash the fax board, probably, with a malformed handshake or image. Your best bet is to include a highly readable link in the fax link so some unsuspecting OCR would pick up the link for some user or application to strangely execute it. I suppose the same goes for barcode.

Re: No content to support the vague claim.

Well, the researchers demonstrated a vulnerability in a huge number of inexpensive and popular hp machines, and hp has issued CVEs... same researchers stated that HP has 40% of market share...

knowledge

[DrYak]

The kind of people who would be reassured with the legallity surrounding FAX wiretaping, is typically the type of user who has no clue that e-mail encryption *is* a thing, or what the words S/MIME and GPG are.

Teach

[DrYak]

However if someone with no tech skills needs to send me a document image it's often far easier to just send a fax rather than spend an hour trying to teach the person to scan, then save in whatever format, and then send via email or other method (if the file is too large for email, often a problem).

Though you can teach them to use an MFP to mail a scan to themselves (basically the same button presses as a sending a fax with a fast-dial number, except that the fast dial-preset point to their own e-mail box instead of another FAX phone number) and then teach them how to forward e-mails with their favorite e-mail client.

The "file too large for e-mail" won't happen that easily, because most MFP will do compression-to-PDF auto-magically usually with better than FAX codecs (though apparently FAX that can handle JPEG and JBIG compression have appeared in the recent decades).
(If the file is too big for a modern mail account, it's also going to take ages of the FAX' slow <64kbits connection).

College tuition

[DrYak]

Hundreds of dollars just to pay for your semester.

In other saner parts of the world, hundreds of dollars *is* what you pay for the semester.

What I'd like to see, or hear about

[bferrell]

Is how something like Hylafax or regular old fax machine reacts to these "malformed" fax images.

What this sounds like, is that the printer makers got sloppy in the image rendering end of things and this is some kind of buffer overflow.

No... They wouldn't do THAT.

Re: What I'd like to see, or hear about

That is what it is exactly. The malformed color fax file (jpeg) triggers an overflow in the jpeg rendering code.

What kind of fax? Software or Hardware

[p51d007]

I've been in the copier, printer, fax business since the early 80's. Most MFP's, for the sake of price, use a software based fax modem. (remember the problems of the old Win modems?) IF that is what they are talking about, I could see where there could be a problem. Most of the higher end machines we sell & service, use a HARDWARE based modem for faxing. The board contains the CML hardware relay, and they even continue to use the dual neon light bulbs, that were there to help drain off any excess AC that may come in over the old POTS copper lines. Most faxing is now down over VoIP, not copper, so they could drop the neon filtering along with the old click bang mechanical relay, but, they still use it. The ASIC on the modem is not an EEPROM, so I don't know how they would hack into that and change it. Like I said, I don't know the entire details, but just from the article, I can see a SOFTWARE based modem getting hacked, but I think it would be MUCH harder to get through a HARDWARE based modem. Also, another point of attack could also be the ATA box connected to the fax, which converts the analog modem data to the digital data required to go out over the VoIP setup. We already in most cases have to turn off the V.34 modems, and slow the modem down to V.17 14.4k or even 9600 to get them to work, even with the T.38 protocol in the ATA box, because they will place them some distance from the MFP, and use unshielded telephone wire to connect and by the time it gets to the fax, the loop current is so low, it sometimes has problems triggering the CML relay! It will be interesting to see if this blows up, like it did about 15 years ago, when that CBS 60 minutes broadcast, showed businesses were trading in old machines and didn't realize they were leaving data on the HDD's they have in them, and most were not encrypted. Now, ever machine we have has ADI self deleting/wiping drives that marry to the machine with a hash code. Not to mention we turn on 128 bit encryption by default with the option of going to 256 bit encryption. All for a flipping copy machine....geez!

Re:Fax won't go away for a very long time

Scanning and faxing are the exact same process. Stick paper in select destination.

Any office printer worth a damn will let you pop in an email address instead of a fax number.

Old School Fax Attack

[IonOtter]

1. Take something black, preferably large, and place it on the copier. A t-shirt will work well, but no designs: just solid black.

2. Make four copies of the black.

3. Trim the sheets so they have no white edges or borders.

4. Assemble the 4 sheets together with Scotch tape. Trim off any excess.

5. Apply a strip of Scotch tape to the BACK of the topmost sheet, so it's half on, half off.

6. Dial the target fax machine, then feed the bottom-most sheet into the device.

7. When enough comes out of the bottom, bring it up and apply the bottom to the topmost strip of Scotch tape to create a loop out of the four sheets.

8. Go get some coffee, talk to some co-workers, maybe go to lunch.

Target fax will keep spitting out page after page of black nothing until it either runs out of paper, toner or the fuser burns out.

governments

[sad_]

governments still use it a lot.

got pulled over by police, my insurance was not valid, the valid paper was at home, i just got it in the mail and didn't put it in my car yet. so the officer asks me - is there somebody at home who can fax it to us.
come again, what? a fax? no, but i can have a picture taken and email it. that wasn't any good, so i ended up having to show the paper at the police station the next day.

other stories are that the fire department needs to get a fax from the mayor to declare certain states of alert. criminals that need to transported, require fax approvals, etc

the list of uses for faxes in the government seems to be endless.

Phew

Good thing we use dedicated fax machines!!

Old school

[DrYak]

If you or I lived there, we would probably find a modem somehow and also an internet provider that had dial-in lines. Living in the UK, the latter is not the easiest

An actual ISP with dial-in lines would be one possibility.

Another would be remotely connecting to a machine you own somewhere is another possibility, (using this time some normal local number, so get either very low cost or free connection, depending on your phone line plan).
i.e.: be your own ISP.

The E-mail-enabled printers I have worked with were not configured for network setup of scanning to mail* and while many E-mail addresses were stored in memory, subject lines and attachment naming still required the use of the unpleasant touch-screen keyboard.

The idea is to leave the stupid default (e.g.: "SCAN_yyyymmdd.PDF") and mail *yourself* a copy of the document using the 1-button fast-dial.
Then, using your laptop and your favorite e-mail client, forward that e-mail to the final destination while editing the subject line and text body to fit your needs.

Managed to get my parents used to this workflow rather easily.