The Internet of Things have made our lives so easy and yet so much more complicated. Who knew that we couldn’t live without have a refrigerator that could be programmed from the other side of the country? There has been of course a downside and that is that anything that is connected to the Internet is capable of being hacked and it has led to some major fiascos for some people and companies. We can add a new device that is capable of being hacked and that is the good old fax machine.

A fax machine?

The fax machine is certainly not new. We’ve been using them for decades as a way to send information much quicker than mail. Heck they’re still in use today even though email and private messaging have made its role in society all but obsolete. Part of that may be because a fax machine is a component of the popular all-in-one printer models.

The vulnerability

Researchers have discovered a vulnerability that allows them to exploit protocols dating back to the 1980s that govern the format of a fax. The fax machines are certainly vulnerable as they have no security built into them but have managed to be overlooked until now. What makes this vulnerability more dangerous is that many fax machines are connected to internal corporate and government networks as well as those of numerous private citizens. Banks and the real estate industry still rely heavily on them and in Great Britain the National Health Service still have 9,000 of them in use. Fax machines are also ideal targets as a fax number for any business that has one is very easy to find.

What happens is that a malicious code is sent to a fax machine in the form of an image. The code allows the hacker to take control of the device giving them a small entry point in a network. With a little bit of work they can then gain access to more of the network.

Found by the good guys

Sounds scary doesn’t it? The good news is that the vulnerabilities were discovered by security researchers in a lab with an HP fax machine and not a criminal. There is no evidence that any fax machine has been compromised and patches have been issued by HP to correct the flaw. Did you apply the patch? If you did not you better had as when this information is made public it alerts the criminal element and many will go in search of vulnerable entities. There was more good news as the researchers, Yaniv Balmas and Eyal Itkin, had to overcome several technical hurdles to hack into a HP Office Jet 6830 all-in-one machine including severely outdated firmware but it was done.

Comments are closed.

Scroll to Top