Report: ‘Faxploit’ hack can penetrate networks with just a fax number
Fax machines, very much still a thing, can be used as an entry point into an enterprise’s IT network, according to new research from Israeli cybersecurity company Check Point.
In a report released Monday, Check Point details an exploit whereby an attacker can infiltrate using only a fax number associated with a machine on a target network. Attacks can then move across a network, even if it’s not connected to the internet, according to the report.
As demonstrated by Check Point in the video below, the hacker can execute script that targets the victim’s fax number in order to obtain network access. The attacker can then use EternalBlue, a NSA-developed exploit leaked by the Shadow Brokers hacker group, to further infiltrate the network and execute malware.
In Check Point’s video, the hacker uses malware to locate a file on the victim network and send it back to the hacker’s fax machine.
Check Point says attackers could customize the attack to extract the information they’re looking for.
“These could include sending a copy of every fax that a customer sends to their bank, for example, with sensitive account information included, back to the attacker. Another possibility could be tampering with the fax content itself (i.e. replacing the documents received with altered versions of them),” the company said in the report.
Since, the exploit, which Check Point dubs “Faxploit,” targets the fax protocol, a network doesn’t even have to be connected to the internet to be infiltrated, the company says.
Check Point conducted its research on HP “all-in-one” devices with printer and fax capability, but says that Faxploit is not limited to HP because the attack relies on a vulnerability in the fax protocol.
HP has released a patch for the exploit, having collaborated with Check Point.
The news comes not long after HP launched a bug bounty program for its printers with Bugcrowd, inviting white-hat hackers to find and report vulnerabilities in its devices.
“Many companies may not even be aware they have a fax machine connected to their network, but fax capability is built into many multi-function office and home printers,” said Yaniv Balmas, group manager of security research at Check Point, in a press release. “This groundbreaking research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations.
Check Point asserts that, contrary to popular belief, fax machines are still widely in use. Health care organizations use them due to privacy regulations and the banking and real estate industries use them to transmit signatures, among other uses.
“In fact, while our world becomes more connected through [internet of things] devices, the cloud and mobile platforms, there still remain simpler technologies which can allow potential hackers to infiltrate IT networks and provide unauthorized access to sensitive information,” Check Point wrote.