News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Hackers can steal data from the enterprise using only a fax number

    Home Forums Code Red – Security/Privacy advisories Hackers can steal data from the enterprise using only a fax number

    This topic contains 7 replies, has 6 voices, and was last updated by  anonymous 11 months ago.

    • Author
    • #210234 Reply

      Da Boss

      Hackers can steal data from the enterprise using only a fax number

      Fax machines are still widely used by businesses and a communications protocol vulnerability is leaving them exposed to cyberattacks.

      By Charlie Osborne | August 12, 2018

      On Sunday at Def Con 26 in Las Vegas, Check Point Malware Research Team … demonstrated the existence of the security flaws in the HP Officejet Pro All-in-One fax printer range; specifically, the HP Officejet Pro 6830 all-in-one printer and OfficeJet Pro 8720.

      The vulnerabilities discovered included a stack-based buffer overflow security flaw and “Devil’s Ivy,” (CVE 2017-976), which permits remote code execution through database handling errors.

      According to the researchers, an image file can be coded with malware including ransomware, cryptominers, or surveillance tools. Vulnerabilities in the fax machines’ communication protocols can then be exploited to decode and upload the malware payloads to memory.

      Check Point disclosed its findings to HP, which developed and deployed firmware patches in response … “The same protocols are also used by many other vendors’ faxes and multifunction printers, and in online fax services such as fax2email, so it is likely that these are also vulnerable to attack by the same method,” the team said.

      Read the full article here

      7 users thanked author for this post.
    • #210337 Reply

      AskWoody Lounger

      Thx @kirsty another awesome thought provoking post again 🙂 It stands to reason that as you have the ability to save an incoming Fax as a .tiff file on your system that the very act of receiving that “burst” of Data could well be laced with something that is persona non grata on your system. Strangely still use Fax albeit on my older Win7 Pro x86 machine (its the only one left at home with a Data Fax Modem) the Machines at work are just hooked up to POTS (Plain Old Telephone System) and don’t save to a Machine environment Phew! It raises the question really is there no end to the ways they can penetrate your system? Just lately have been musing here “is this a computer I see before me or is this a Swiss Cheese” because every time I check the mail and coming in here there’s a new exploit hence the Security more holes than a Swiss cheese analagy. Thx again for a timely warning although I have quite the dilemma what to do with this one, as occasionally I do share copy Fax .tiff’s to my main machine. Maybe M$ knew something about this a good few years back as the last version of Windoze that could share a Fax Printer was Win 2008 R2 server if memory serves me right, I have never been able to share Fax Printer in any normal versions of Windoze over the years, without an expensive Software option for Business.

    • #210345 Reply

      Da Boss

      Never used or installed the fax facility since Windows 2000!  fax ache..that was a long time ago.. 😉

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      1 user thanked author for this post.
    • #210404 Reply

      AskWoody Plus

      One might use fax often, or not at all, depending on what needs to be done and with whom. These days, I rarely find myself using faxes to send or receive documents and messages. From contracts to tax returns, I handle most exchange of documents, including some of the most personal and important, as well as of technical papers, reports and so on, using PDF files.

      The PDF format has, in combination with the software for creating, reading and editing it, vulnerabilities too, and I wonder now and then about those. Not moving in IT security circles, it’s hard to get news about security problems with PDF files, or what to do about them, other than to keep the software up to date, just in case. It’s baffling how, the more we become able, thanks to the Internet, to participate in the business of the world and reach to others in it swiftly and as far as its furthest reaches, we also become more and more open to malicious attacks through the very means that enable us to work and do business regardless of being physically near of far away from the others we are dealing with.

    • #210437 Reply

      Da Boss

      Vulnerabilities in Fax Protocol Let Hackers Infiltrate Networks via Fax Machines
      By Catalin Cimpanu | August 13, 2018

      Two recently discovered vulnerabilities in the fax protocol can transform fax machines into entry points for hackers into corporate networks, two Check Point researchers revealed last week in a talk given at the DEF CON 26 security conference held in Las Vegas.

      Named “Faxploit,” this attack targets the ITU T.30 fax protocol, according to a copy of the DEF CON presentation given by Eyal Itkin and Yaniv Balmas last week.

      More specifically, Faxploit leverages two buffer overflows in the fax protocol components that handle DHT and COM markers —CVE-2018-5924 and CVE-2018-5925, respectively.

      HP released patches, other fax vendors vulnerable too

      Read the full article here

      See also: HP Ink Printers Remote Code Execution: c06097712

      1 user thanked author for this post.
    • #211546 Reply

      Da Boss

      Exclusive: HP Leaves Mac Users Vulnerable to Fax Hacks
      By Joshua Long | August 17th, 2018

      HP Leaves Mac Users Vulnerable to Fax Hacks

      Oftentimes when HP releases firmware updates for printers and multifunction devices, the company only makes the firmware available in the form of an EXE file — a Windows application. In spite of the severity of the Faxploit bugs, HP has not made an exception to this unfortunate practice.

      Of the more than 150 affected models for which HP released firmware updates, approximately one quarter of them do not have a Mac-compatible firmware update installer available to download through HP’s support site. Later in this article is a complete list of devices for which Mac-compatible firmware installation methods are not currently available.

      This leaves companies and home users that only use macOS or Linux in a difficult position: unplug your fax line, or remain vulnerable to serious attacks.

      Read the full article here

      1 user thanked author for this post.
    • #211572 Reply

      Paul T
      AskWoody MVP

      Given the cost of a phone call from who knows where and the chances of success, I think this is likely to remain an unexploited vulnerability.

      cheers, Paul

    • #211576 Reply


      ? says:

      thank you, Kirsty! appreciate you posting the latest threats. if anyone is interested Check Point Research has a complete description  on Faxploit:

      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Hackers can steal data from the enterprise using only a fax number

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.