There are still over 45 million fax machines worldwide in 2018 in use by governments, corporations, and private individuals to transmit over 17 billion faxes annually. Just last month, the Knesset passed a bill sponsored by MK Sharren Haskel (Likud) and MK David Bitan (Likud) stating that government agencies would for the first time be obligated to accept documents sent by e-mail, not only by fax.
Banks, courts, health systems, and government ministries regard fax machines as a safer means of communications than e-mail. A new study by Check Point Software Technologies Ltd. (Nasdaq: CHKP), however, shows that faxes are not as safe as was previously thought. The study indicates that faxes can be used to penetrate organizational networks.
"A fax is itself a computer for all intents and purposes. It runs an operating system based on a 30 year-old protocol that has never been updated," says Check Point VP cyber Nitzan Ziv, who conducted the study. "The fax machine is connected by cable to a network or to WiFi within the network. An attacker can exploit this to carry out an attack within a selected organization." Ziv adds that all that is required for an attack is the victim's fax number, and instead of sending a fax for printing out, sending commands exploiting the weaknesses in the device.
An attacker who obtains the victim's fax number, which is usually available to everyone on the Internet, can send him or her encrypted malware, such as ransom attacks. The fax's structure makes it install the code containing the malware on the memory of the device itself. The researchers wrote that many fax machines are connected to organizational networks. As soon as the malware is installed on the fax machine, it can penetrate the rest of the organization. According to Ziv, it cannot be determined with certainty whether these weaknesses have ever been exploited, because a break-in via fax machine is likely to leave no trace.
"These are exactly the things being talked about in the Internet of Things (IoT)," Ziv adds. "These devices are very old and haven't been touched for years, and now it's blowing up in our faces." The researchers recommend disconnecting the fax from the organizational network and installing a security update issued by HP following the study.
Published by Globes [online], Israel business news - www.globes-online.com - on August 13, 2018
© Copyright of Globes Publisher Itonut (1983) Ltd. 2018