Network threat from faxes
Reading Time: 2 minutes22nd September 2018 | Modified: 19th December 2022Categories: Security
Companies should be aware of the hidden security threat from fax machines which are an unlocked backdoor for criminals.
New research from Check Point Security estimates that 300 million fax numbers are still in use. Using just a phone line, the researcher sent a fax that took full control over the printer that received it. It later spread the infection inside the recipient’s computer network.
This is a big problem in the UK because many major organisations still use faxes. For example, a recent poll conducted by the Royal College of Surgeons reveals a big threat to the NHS and any businesses that supply it as there are around 9,000 faxes still in use across the health service.
Gary Jowett, from Computer & Network Consultants in Brighton, said: “Check Point says this security risk should be given special attention by fax users because there’s a need to change the way that modern network architectures treat printers and fax machines. The researchers demonstrated this vulnerability on HP Officejet all-in-one printers. However, it also applies to other fax technology. The problem lies with the fundamental fax protocols used which were established way back in the 1980s.”
NHS vulnerable
HP, for one, has admitted there was a vulnerability in some of its printers and now it has updates available to help companies mitigate the risks.
Gary added: “IT departments in many companies have added authentication checks to network printers so that only authorised users can initiate printing. Although Check Point says that, under the current protocols, fax messages are always sent out unauthenticated.
“As documentation can now be shared digitally as PDFs and in other formats and scanned signatures are now widely acceptable for transactions and agreements, it may be worth updating your fax or considering an alternative way to communicate before you suffer a malicious attack on your network that compromises customer data, disrupts your operations and could lead to financial penalties from the regulatory authorities.”