• Hackers can steal data from the enterprise using only a fax number

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Hackers can steal data from the enterprise using only a fax number

    Tags:

    Author
    Topic
    Kirsty
    Manager
    August 13, 2018 at 2:25 am #210234

    Hackers can steal data from the enterprise using only a fax number

    Fax machines are still widely used by businesses and a communications protocol vulnerability is leaving them exposed to cyberattacks.

    By Charlie Osborne | August 12, 2018

     
    On Sunday at Def Con 26 in Las Vegas, Check Point Malware Research Team … demonstrated the existence of the security flaws in the HP Officejet Pro All-in-One fax printer range; specifically, the HP Officejet Pro 6830 all-in-one printer and OfficeJet Pro 8720.

    The vulnerabilities discovered included a stack-based buffer overflow security flaw and “Devil’s Ivy,” (CVE 2017-976), which permits remote code execution through database handling errors.

    According to the researchers, an image file can be coded with malware including ransomware, cryptominers, or surveillance tools. Vulnerabilities in the fax machines’ communication protocols can then be exploited to decode and upload the malware payloads to memory.

    Check Point disclosed its findings to HP, which developed and deployed firmware patches in response … “The same protocols are also used by many other vendors’ faxes and multifunction printers, and in online fax services such as fax2email, so it is likely that these are also vulnerable to attack by the same method,” the team said.

     
    Read the full article here

    7 users thanked author for this post.
    AlexEiffel, woody, PhotM, BobbyB, jburk07, Elly, HiFlyer
    Reply | Quote
    Viewing 6 reply threads
    Author
    Replies
    • BobbyB
      AskWoody Lounger
      August 13, 2018 at 2:53 pm #210337

      Thx @kirsty another awesome thought provoking post again 🙂 It stands to reason that as you have the ability to save an incoming Fax as a .tiff file on your system that the very act of receiving that “burst” of Data could well be laced with something that is persona non grata on your system. Strangely still use Fax albeit on my older Win7 Pro x86 machine (its the only one left at home with a Data Fax Modem) the Machines at work are just hooked up to POTS (Plain Old Telephone System) and don’t save to a Machine environment Phew! It raises the question really is there no end to the ways they can penetrate your system? Just lately have been musing here “is this a computer I see before me or is this a Swiss Cheese” because every time I check the mail and coming in here there’s a new exploit hence the Security more holes than a Swiss cheese analagy. Thx again for a timely warning although I have quite the dilemma what to do with this one, as occasionally I do share copy Fax .tiff’s to my main machine. Maybe M$ knew something about this a good few years back as the last version of Windoze that could share a Fax Printer was Win 2008 R2 server if memory serves me right, I have never been able to share Fax Printer in any normal versions of Windoze over the years, without an expensive Software option for Business.

      Reply | Quote
    • Microfix
      AskWoody MVP
      August 13, 2018 at 3:08 pm #210345

      Never used or installed the fax facility since Windows 2000!  fax ache..that was a long time ago.. 😉

      Windows - commercial by definition and now function...
      1 user thanked author for this post.
      BobbyB
      Reply | Quote
    • OscarCP
      Member
      August 13, 2018 at 8:34 pm #210404

      One might use fax often, or not at all, depending on what needs to be done and with whom. These days, I rarely find myself using faxes to send or receive documents and messages. From contracts to tax returns, I handle most exchange of documents, including some of the most personal and important, as well as of technical papers, reports and so on, using PDF files.

      The PDF format has, in combination with the software for creating, reading and editing it, vulnerabilities too, and I wonder now and then about those. Not moving in IT security circles, it’s hard to get news about security problems with PDF files, or what to do about them, other than to keep the software up to date, just in case. It’s baffling how, the more we become able, thanks to the Internet, to participate in the business of the world and reach to others in it swiftly and as far as its furthest reaches, we also become more and more open to malicious attacks through the very means that enable us to work and do business regardless of being physically near of far away from the others we are dealing with.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      Reply | Quote
    • Kirsty
      Manager
      August 14, 2018 at 12:44 am #210437

      Vulnerabilities in Fax Protocol Let Hackers Infiltrate Networks via Fax Machines
      By Catalin Cimpanu | August 13, 2018

       
      Two recently discovered vulnerabilities in the fax protocol can transform fax machines into entry points for hackers into corporate networks, two Check Point researchers revealed last week in a talk given at the DEF CON 26 security conference held in Las Vegas.

      Named “Faxploit,” this attack targets the ITU T.30 fax protocol, according to a copy of the DEF CON presentation given by Eyal Itkin and Yaniv Balmas last week.

      More specifically, Faxploit leverages two buffer overflows in the fax protocol components that handle DHT and COM markers —CVE-2018-5924 and CVE-2018-5925, respectively.

      HP released patches, other fax vendors vulnerable too

       
      Read the full article here

       
      See also: HP Ink Printers Remote Code Execution: c06097712

      1 user thanked author for this post.
      AlexEiffel
      Reply | Quote
    • Kirsty
      Manager
      August 18, 2018 at 4:42 am #211546

      Exclusive: HP Leaves Mac Users Vulnerable to Fax Hacks
      By Joshua Long | August 17th, 2018


      HP Leaves Mac Users Vulnerable to Fax Hacks

      Oftentimes when HP releases firmware updates for printers and multifunction devices, the company only makes the firmware available in the form of an EXE file — a Windows application. In spite of the severity of the Faxploit bugs, HP has not made an exception to this unfortunate practice.

      Of the more than 150 affected models for which HP released firmware updates, approximately one quarter of them do not have a Mac-compatible firmware update installer available to download through HP’s support site. Later in this article is a complete list of devices for which Mac-compatible firmware installation methods are not currently available.

      This leaves companies and home users that only use macOS or Linux in a difficult position: unplug your fax line, or remain vulnerable to serious attacks.

       
      Read the full article here

      1 user thanked author for this post.
      walker
      Reply | Quote
    • Paul T
      AskWoody MVP
      August 18, 2018 at 11:51 am #211572

      Given the cost of a phone call from who knows where and the chances of success, I think this is likely to remain an unexploited vulnerability.

      cheers, Paul

      Reply | Quote
    • anonymous
      Guest
      August 18, 2018 at 12:35 pm #211576

      ? says:

      thank you, Kirsty! appreciate you posting the latest threats. if anyone is interested Check Point Research has a complete description  on Faxploit:

      https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/

      1 user thanked author for this post.
      Kirsty
      Reply | Quote
    Viewing 6 reply threads
    Reply To: Hackers can steal data from the enterprise using only a fax number

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.