Fax machines are a major security risk, but despite this it is estimated that there are 45 million fax machines still in use by businesses across the globe, especially popular in the medical sector where data is often sensitive.
What’s wrong with fax machines?
Cyber security firms have discovered vulnerabilities in the communication protocols used in the tens of millions of fax devices still in use, leaving organisations and individuals exposed to hacking.
The vulnerabilities found related to the communication protocols in the HP Officejet Pro All-in-One fax printers. These same protocols are also used in many other fax and multifunction printers, so even if it’s not a HP machine, the fax device you’re using could still be vulnerable.
According to the research, if an attacker obtained an organisation’s fax number, typically found on a corporate website, they could send a specially created image file by fax to the machine. Taking advantage of the communication vulnerabilities, the attacker could enable malware, including ransomware like the WannaCry and NotPetya attacks from 2018.
Once the malware is in a company’s system, it could then potentially breach sensitive data or cause disruption by spreading across the networks that the fax machine is connected to.
“Many companies may not even be aware they still have a fax machine connected to their network, but fax capability is built into many multifunction office and home printers, said Yaniv Balmas, group manager of security research at UK security firm Check Point.
“This research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations.”
What can you do to protect yourself from a fax machine attack?
HP, has developed a software patch for its combined fax printers, and is available on its website. Anybody using another fax brand should check the manufacturers site for available firmware and apply them.
It is also good practice to place your fax on a secure network segment separated from applications and servers that may carry sensitive information. By doing this, you limit the ability of malware to spread across the network.
At Comsource we’d recommend ditching the fax machine altogether and moving to a virtual fax service that increases security and simplifies office life by directing all incoming faxes to your email account.