Researchers at Check Point have disclosed a security vulnerability in HP OfficeJet multi-function printers, Wired reported.
The security flaw allows an attacker to compromise affected printers with a specially-crafted fax and potentially gain access to a target network.
Fax is still widely used in several industries and is considered a secure method to transmit sensitive documents.
Check Point warned that nothing could be further from the truth, however. Fax offers no encryption and no verification. Anyone who has tapped a phone line will potentially be able to snoop on faxes sent on it.
There is also no way to prevent anyone from sending a malicious fax to a particular machine if it is connected to the phone network.
This inspired the researchers to search for potential security problems in modern fax machines, especially those embedded in printers – which are also connected to computer networks.
The researchers discovered an issue in HP OfficeJet printers which allows an attacker to trigger a stack overflow by sending the machine a malicious fax.
A proof-of-concept exploit shows the researchers using the exploit to take over an HP OfficeJet printer and gain a foothold in a target network. They then use a second exploit, EternalBlue, to hack a computer on the same network.
HP has released security patches to protect printers affected by the flaw.