Malicious Faxes Leave Firms 'Open' To Cyber-Attack

Booby-trapped image data sent by fax can let malicious hackers sneak into corporate networks, security researchers have found. From a report: Since many companies use fax machines that are also printers and photocopiers, they often have a connection to the internal network. The malicious images exploit protocols established in the 1980s that define the format of fax messages. The research was presented at the Def Con hacker conference in Las Vegas. The two researchers said millions of companies could be at risk because they currently did little to secure fax lines. "Fax has no security measures built in -- absolutely nothing," security researcher Yaniv Balmas, from Check Point software, told the BBC. Mr Balmas uncovered the security holes in the fax protocols with the help of colleague Eyal Itkin and said they were "surprised" by the extent to which fax was still used.

Re:How exactly does this work?

It's an attack over the phone line, so no network communication is involved in the exploit stage. That particular fax machine implements a protocol extension which allows the transmission of color faxes. This is achieved by sending a JPEG file instead of the typical black and white data. The attack exploits a bug in the JPEG decoder. With remote code execution achieved, the attack then proceeds with a payload that attacks the network to which the fax machine is connected.

The technical paper is at: https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/