Network printer: Serious security vulnerabilities in fax function

Critical security holes in fax technology allow multifunction printers and network-connected copiers to become a gateway for hackers.

At the security conference “Def Con 26”, which took place from August 9 to 12 in Las Vegas, researchers from the software manufacturer Check Point presented a disturbing finding with “Faxploit”. The fax function and underlying protocols contained in many multifunction printers and copiers have serious security gaps.

A specially prepared image, which only needs to be sent conventionally to a fax number, can be used to provoke errors that subsequently allow code to be introduced and executed on devices remotely. In concrete terms, cybercriminals are supposed to be able to place pests in the memory of a printer during a fax exploit.

If the printer now has a WLAN or LAN connection, malware of any kind can spread to other devices and cause damage. According to Check Point, infections with blackmail or crypto-mining Trojans are possible. It is also conceivable that espionage attacks could occur. As Check Point says, devices from different manufacturers are to be affected, and online fax services also accessed the error-prone protocols.

The affected can do little to prevent the reception of appropriately prepared faxes, except to completely do without the fax or to deactivate network functions. The fax technology, which is now almost 40 years old, is still primarily used today in companies and by public authorities. If you can’t do without the fax and network functions, you should wait for firmware updates from the manufacturers.

At the presentation, the researchers used HP devices. HP has been informed by Check Point and claims to have already started delivering patches. Other manufacturers lack previous information. Depending on the manufacturer, it is best to check the respective support websites.

Check Point estimates that “hundreds of millions” of fax machines are still active worldwide and cites the Wall Street Journal as saying that annual sales of multifunction devices could be in the tens of millions.