Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malicious Faxes Leave Firms 'Open' To Cyber-Attack (bbc.com)

Posted by msmash on from the security-woes dept.

Booby-trapped image data sent by fax can let malicious hackers sneak into corporate networks, security researchers have found. From a report: Since many companies use fax machines that are also printers and photocopiers, they often have a connection to the internal network. The malicious images exploit protocols established in the 1980s that define the format of fax messages. The research was presented at the Def Con hacker conference in Las Vegas. The two researchers said millions of companies could be at risk because they currently did little to secure fax lines. "Fax has no security measures built in -- absolutely nothing," security researcher Yaniv Balmas, from Check Point software, told the BBC. Mr Balmas uncovered the security holes in the fax protocols with the help of colleague Eyal Itkin and said they were "surprised" by the extent to which fax was still used.

3 of 77 comments (clear)

  1. How exactly does this work? by Oswald+McWeany · · Score: 3, Insightful

    How exactly does this work, is this some sort of injection attack- where a badly formatted image file somehow includes code to take over the fax machine's operating system instead?

    If so this is really poorly designed- an incoming fax should be isolated from everything except printing off the incoming fax.

    --
    "That's the way to do it" - Punch
  2. Re:Fax won't go away for a very long time by Anonymous Coward · · Score: 2, Insightful

    Fax machines aren't replaced by emailing scans. They are being replaced by holding documents up in front of a smart phone camera.

  3. Re:just the faxes, ma'am by kelemvor4 · · Score: 3, Insightful

    Maybe we can finally get rid of one of the klugiest pieces of technology ever invented. Email anybody?

    Others might describe it as one of the most solid and useful pieces of tech ever invented. As evidenced by the fact that it's widely popular after so many years and even those with no technical skills at all can send and receive faxes.

    Personally, I prefer email. However if someone with no tech skills needs to send me a document image it's often far easier to just send a fax rather than spend an hour trying to teach the person to scan, then save in whatever format, and then send via email or other method (if the file is too large for email, often a problem). You get the idea.