Fax machines are a massive security problem

Researchers at Check Point have disclosed a security vulnerability in HP OfficeJet multi-function printers, Wired reported.

The security flaw allows an attacker to compromise affected printers with a specially-crafted fax and potentially gain access to a target network.

Fax is still widely used in several industries and is considered a secure method to transmit sensitive documents.

Check Point warned that nothing could be further from the truth, however. Fax offers no encryption and no verification. Anyone who has tapped a phone line will potentially be able to snoop on faxes sent on it.

There is also no way to prevent anyone from sending a malicious fax to a particular machine if it is connected to the phone network.

This inspired the researchers to search for potential security problems in modern fax machines, especially those embedded in printers – which are also connected to computer networks.

The researchers discovered an issue in HP OfficeJet printers which allows an attacker to trigger a stack overflow by sending the machine a malicious fax.

A proof-of-concept exploit shows the researchers using the exploit to take over an HP OfficeJet printer and gain a foothold in a target network. They then use a second exploit, EternalBlue, to hack a computer on the same network.

HP has released security patches to protect printers affected by the flaw.

Now read: FBI reverts to fax and snail mail for FOIA requests

Latest news

Partner Content

Show comments


Share this article
Fax machines are a massive security problem