Malicious Faxes Leave Firms 'Open' To Cyber-Attack (bbc.com)
Booby-trapped image data sent by fax can let malicious hackers sneak into corporate networks, security researchers have found. From a report: Since many companies use fax machines that are also printers and photocopiers, they often have a connection to the internal network. The malicious images exploit protocols established in the 1980s that define the format of fax messages. The research was presented at the Def Con hacker conference in Las Vegas. The two researchers said millions of companies could be at risk because they currently did little to secure fax lines. "Fax has no security measures built in -- absolutely nothing," security researcher Yaniv Balmas, from Check Point software, told the BBC. Mr Balmas uncovered the security holes in the fax protocols with the help of colleague Eyal Itkin and said they were "surprised" by the extent to which fax was still used.
How exactly does this work? Is this some sort of injection attack, where a badly formatted image file somehow includes code to take over the fax machine's operating system instead?
If so, this is really poorly designed: an incoming fax should be isolated from everything except printing off the incoming fax.
"That's the way to do it" - Punch
Faxes are still used, whether digitized or old-fashioned, because of the court system. A signed and faxed form carries the weight of a physical contract. A signed and emailed form does not.
Maybe we can finally get rid of one of the klugiest pieces of technology ever invented. Email, anybody?
Others might describe it as one of the most solid and useful pieces of tech ever invented, as evidenced by the fact that it's widely popular after so many years and even those with no technical skills at all can send and receive faxes.
Personally, I prefer email. However, if someone with no tech skills needs to send me a document image, it's often far easier to just send a fax rather than spend an hour trying to teach the person to scan, then save in whatever format, and then send via email or other method (if the file is too large for email, often a problem). You get the idea.