What could be less threatening than the old office fax machine? Nothing. That's why it's used as a backdoor for hackers to get into the network of an organization.
Check Point, a cyber security firm in Israel, said Sunday that its research has discovered security holes in millions of fax machines.
The hack works by sending an image file over the phone line – or a file that the fax machine considers an image file – encoded to contain malicious software. When a company receives the photo, the image is decrypted and loaded into the memory of the fax printer so that the hackers can take over the device and spread the malicious code over the network.
"Many companies may not even realize that they have a fax machine connected to their network, but the fax feature is integrated with many multifunctional office and home printers," said Yaniv Balmas, group leader for security research at Check Point.
Researchers focused on Hewlett Packard's OfficeJet Pro all-in-one fax printer – the world leader in fax machines. Hewlett Packard quickly fixed the issue – a patch is available on the support page – but most fax machines, including Canon and Epson, have the same vulnerabilities.
Many machines are too old to update. This means that it will be difficult for companies to prevent hackers from entering their system.
Companies worldwide are using an estimated 45 million fax machines. Faxes are still widely used in the healthcare, banking and legal sectors, where highly sensitive data is stored. In the US medical sector, 75 percent of all messages are sent by fax.
To prevent companies from compromising their networks, experts recommend companies check whether their fax machines can be updated or place fax machines on a secure network that is separate from sensitive information networks.