Malicious faxes make companies "open" to cyber attacks

18

Hooded hackerPicture copyright
checkpoint

image Description

A demo showed a malicious fax that took a fax machine and displayed a picture

A custom fax image can allow malicious hackers to infiltrate corporate networks, security researchers have discovered.

In a presentation at the Def Con hacker conference, two researchers showed how to make pictures with booby traps.

The malicious message uses the protocols used to define the format of faxes.

The couple said millions of companies could be in danger because they currently do little to secure fax lines.

No security

"Fax has no built-in security measures – absolutely nothing," said security researcher Yaniv Balmas of BBC's Check Point Software.

Mr Balmas, with the help of his colleague Eyal Itkin, uncovered the vulnerabilities in the fax logs and explained that they were "surprised" by the extent to which the fax was still in use.

"It seems a lot of organizations, government agencies, banks and others who still use fax," said Mr. Balmas.

He added that there are historical and legal reasons why aging technology is still so widespread.

"Fax is still considered visual evidence in court, but an e-mail is not," he said. "That's why some government agencies require you to send a fax."

England's NHS is known for being a big user of fax machines. About 9,000 of them were recently found to still be used in the service.

Companies are vulnerable to a fax attack, Mr. Balmas said, because the machines that received faxes were often printers and copiers that normally had connections to an organization's internal network.

Gaining control over the machine that processes, copies, and prints faxes can gain a foothold in a vulnerable network. They could then use this access to explore and attack the larger organization, Mr. Balmas said.

The weakness occurs in the protocols that define how the data forming faxes should be prepared.

"The protocols we use for faxing were standardized in the 1980s and have not changed since then," Mr Balmas said.

Picture copyright
Getty Images

image Description

Doctors use old-fashioned fax machines to communicate

This weakness caused the couple to create a picture that contained a malicious payload.

For their test case, the payload used was a software exploit, known as Eternal Blue, which stood behind WannaCry's massive attack last year.

The fax protocols are poorly worded, which has led to different interpretations by different manufacturers, Balmas said.

And this had contributed to the vulnerabilities in the fax system.

In particular, the researchers found problems with the way the logs were used in some of HP's general-purpose printers, which are widely used in the business world.

HP has now released a patch for its printers that will fill in the gaps that the pair has found.

But, Mr. Balmas said, because fax numbers were shared very often, they could be an easy-to-find assault route for malicious hackers targeting various machines.

So far, there is no evidence that malicious hackers use the booby-trapped images to penetrate otherwise well defended networks.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.