I thought by now fax machines would be long gone. We don’t give much thought to the security threat these machines might pose to your organization. Thanks to Internet Scambusters for allowing me to reprint this excellent article on the problem and solution.
Fax machines may seem like old-fashioned technology but there are still 17 million of them in use in the United States today.
And every one of them potentially has a security weakness that could allow hackers into your home or business network.
In this week’s issue, we’ll explain this vulnerability and the one essential step you should take to safeguard your security.
Let’s check out today’s…
Hackers Target Networks Via Fax Machines
Do people still use faxes? Apparently so, although the numbers are declining — slowly.
Today, there are about 45 million machines in use worldwide, with around 17 million of them in the U.S. alone. And around 17 billion faxes are transmitted every year.
Many of these devices still being used in businesses and homes in the U.S. (technically, those using the ITU T.30 protocol) are a potential hacking route for crooks to break into networks, steal data, and generally cause chaos.
The trouble is that the basic fax technology has been around for decades and hasn’t really been updated. It was created for older, safer times.
Multi-function printers that include a fax — and most of them do, even if that function is rarely used — are especially at risk, as are online email faxing services.
Although, in the old days, a fax machine was a standalone device that just connected to a phone landline and faxes were moved around home or office by hand, today most of them are linked to home and company networks.
That’s because a printer usually has to be attached to a network to be of any real use. You may not use the fax element but, if it’s connected to a phone line and if the printer is then on your network, you’re potentially at risk.
A fax number is all a crook needs to be able to hack into some machines, say researchers at cyber-security firm Check Point Software Technologies.
Once the hacker has the number, he sends a special type of image file containing malware to the fax. This goes into the machine’s memory and, from there, can be used to start a network attack.
Even if the fax is not directly connected to the Internet, it can still be hacked via just the phone line and, as long as it’s connected to the network, the malware can make its way from there.
This means the malware bypasses normal external network defenses like anti-virus software and firewalls and so is a particular threat to small firms and home users.
“Many companies may not be aware that they have a fax machine connected to their network, but fax capability is built into many multi-function office and home printers,” warns Check Point’s Security Research Group Manager, Yaniv Balmas.
The company’s research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations.
A real worry is the continued use of these devices for 75 percent of all healthcare communications. You’ll likely spot a network-connected multi-function printer in your doctor’s office.
The research team looked at one particular brand of printer/fax machines to identify the problem. As soon as the vulnerability was found, the manufacturer involved issued an update to the machine’s programmable circuits (known as firmware).
Critical Steps for Fax Machines
That could be a signal for you to take the same critical step. Anyone who owns one of these machines should check with the maker to see if a firmware update has been issued and to install it as soon as possible.
Simply go to the manufacturer’s website, visit the support section, track down the name of your device, and see if updates are available. If you don’t find anything, email the maker’s support team and ask.
If you’re running a small business, also consider putting your printer/fax on a separate network segment to keep it apart from any sensitive data your system may store or handle.
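One way to express that separation on a Linux-based router, as an added example that is not part of the original article: because the malware arrives over the phone line, the internal firewall has to treat the printer segment as an untrusted source. The interface names and the choice of print ports (IPP on 631, raw printing on 9100) are assumptions for illustration.

```nftables
# Added example; interface names are assumptions.
#   lan0 = trusted office LAN
#   prn0 = segment holding only the printer/fax
#   wan0 = Internet uplink

table inet printer_isolation {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Allow replies to connections opened in a permitted direction.
        ct state established,related accept
        ct state invalid drop

        # Office PCs may submit print jobs to the printer segment.
        iifname "lan0" oifname "prn0" tcp dport { 631, 9100 } accept

        # The printer may never open a connection into the office LAN.
        # A device compromised over the phone line is stopped here,
        # and each attempt is counted and logged for review.
        iifname "prn0" oifname "lan0" counter log prefix "printer-to-lan " drop

        # Office LAN keeps its normal Internet access.
        iifname "lan0" oifname "wan0" accept

        # The printer gets no Internet access; attempts are logged.
        iifname "prn0" oifname "wan0" counter log prefix "printer-to-wan " drop
    }
}
```

Features that the printer itself initiates, such as scan-to-folder or scan-to-email, would need a narrowly scoped extra rule. Log entries with the `printer-to-lan` prefix are worth alerting on, since a healthy printer has no reason to generate them.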
For now, there are no security tools that will scan the digital format in which incoming faxes are delivered and where the malware hides. And because usage is so widespread, we are all at risk of data theft from these vulnerabilities, even if we don’t have a fax ourselves.
For example, as well as the health care sector, they’re also in widespread use by banks and real estate offices.
As technology website Engadget said, commenting on the vulnerability just a couple of months ago:
“Just because something has been around forever and may have originally been analog (i.e. non-digital), at some point it went digital and with that convenience, there is potential for hacking. That’s the world we live in, and it’s important for everyone to remember that. Even your doctor.”
For home users of multi-function devices, the most effective solution is simple. Unless you plan to use the fax, don’t plug it into a phone line!
Does your organization still have a physical machine? When was the last time you updated the software/firmware?