Faxploiting: Hackers Taking Advantage of the Forgotten Fax Function on Your Printer

There’s a meme making the rounds this week that goes like this: “Can I send you a fax later today?”
“You can’t send a fax to where I live.”
“Oh, where’s that?”
“2018. I live in 2018.”

There are similar memes and jokes out there about fax machines because, outside of certain documents that are too time-sensitive for overnight delivery and require signatures, who sends faxes anymore?

We might not be sending them, but if you have an all-in-one printer system, you probably have the fax option built in. You may have forgotten about it, but hackers haven’t. To them, your printer’s unused fax option is a new attack vector.

The Forgotten Workstation

Printers have long been an afterthought for security. Even as we spend more time focusing on IoT security, securing mobile devices or worrying about what else might be connected to the network, the printer sits in a dark corner, forgotten until we need to make copies or it runs out of paper in the middle of a print job. And that’s a mistake.

“The absence of printer security configuration management stems from a lack of awareness and recognition of the risks, a lack of visibility and a lack of control over large print fleets and the unavailability of a cost-effective, vendor-agnostic cybersecurity solution that works for the whole fleet,” said Jim LaRoe, CEO of Symphion, whose company released a white paper, “Securing the Forgotten Workstation.”


“Large print fleets are too diverse (both in brand and geography) and dynamic (constantly changing) to rely on current print-industry approaches to print fleet management for printer security configuration management,” he noted. Another problem is that common print stream security products and common enterprise security and data loss prevention (DLP) software don’t address printer security configuration management.

Or, if the manufacturer does build security features into the printer system, they aren’t always activated, especially for functions that aren’t used, such as the fax. This leaves printers vulnerable to attack.

The Faxploit

While you may not use the fax function anymore, millions of fax numbers are still in use. According to CSO, researchers from Check Point found “an attacker could send a malware-coded image file to the target. The fax machine portion of an all-in-one printer would then decode the image file and upload it to memory.” All they needed to dump malware into the network was a fax number and an all-in-one device.

One industry especially vulnerable is the healthcare industry, as it is one of the few industries that still uses faxing as a way to share documents quickly and efficiently. Often, information between doctors, insurance companies and patients or family members can’t wait for an overnight delivery and it can’t be sent via email.

“Hackers are always trying to find new ways to get into hospital networks and cause nearly $13 million in damages for every breach,” said LaRoe. “With the widespread adoption of electronic health records (EHRs), more and more patient information is at risk and it is the responsibility of the CISO to protect these records. Unfortunately, many CISOs are currently unaware of a massive security risk to their network.”

Can You Stop Faxploiting?

Organizations can take proactive steps to protect their printers and fax machines by applying software updates and adding security measures so that only authorized persons can use the machines, said Heather Paunet, vice president of product management at Untangle. “However,” she noted, “fax machines generally have no authentication capabilities to stop a remote attacker from sending a fax.”

If your organization must use fax machines, the best solution is to put the fax and printers on a separate network segment. “This mitigates any problems if a hacker does gain control of the printer or fax, as no other devices can be exploited,” Paunet said.
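One way to check that the segmentation described above actually holds is to review flow records for connections that printers initiate out of their own segment. The following is an added example, not code from the article or the vendors quoted; the printer subnet, the allow-listed DNS and NTP servers and the flow-record format are all assumptions, and the sample flows are constructed.

```python
import ipaddress

# Assumed addressing, for illustration only; substitute your own values.
PRINTER_SEGMENT = ipaddress.ip_network("10.20.30.0/24")
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Services printers are allowed to initiate: (destination, protocol, port).
ALLOWED_EGRESS = {("10.0.0.53", "udp", 53), ("10.0.0.123", "udp", 123)}

# Constructed flow records: initiator, responder, protocol, destination port.
SAMPLE_FLOWS = """\
10.1.5.20 10.20.30.11 tcp 9100
10.20.30.11 10.0.0.53 udp 53
10.20.30.11 10.1.5.20 tcp 445
10.20.30.12 10.20.30.11 tcp 80
10.20.30.12 10.2.0.8 tcp 3389
10.20.30.11 203.0.113.7 tcp 443
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into (src, dst, proto, port)."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            src, dst, proto, port = line.split()
            flows.append((ipaddress.ip_address(src),
                          ipaddress.ip_address(dst), proto, int(port)))
    return flows


def segmentation_violations(flows):
    """Flows a printer-segment host initiated out of its segment, unless allow-listed."""
    found = []
    for src, dst, proto, port in flows:
        if src not in PRINTER_SEGMENT or dst in PRINTER_SEGMENT:
            continue  # not printer-initiated, or stays inside the segment
        if (str(dst), proto, port) in ALLOWED_EGRESS:
            continue
        kind = "lateral" if any(dst in n for n in INTERNAL) else "external"
        found.append((str(src), str(dst), proto, port, kind))
    return found


if __name__ == "__main__":
    for v in segmentation_violations(parse_flows(SAMPLE_FLOWS)):
        print(v)
```

Inbound print jobs from workstations and allow-listed lookups pass; any "lateral" result means a printer reached another internal host and the segment boundary is not enforcing isolation.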

Beyond that, existing security efforts provide only partial security for the print stream and enterprise because they omit printer security configuration management—the missing piece that exposes the entire enterprise to risk.

Doing nothing puts the business at risk of a breach—and, in healthcare settings, at risk of HIPAA compliance issues. Replacing an entire printer fleet with new printers is expensive and won’t solve the problem of open ports.

“New solutions must be offered, and printer manufacturers need to partner with security solution providers to solve the issue from a combined effort,” said LaRoe. “But first, everyone from the CISO to the CEO needs to recognize the magnitude of the problem that printer security has for hospitals and take action before the next very costly breach.”


Sue Poremba

Sue Poremba is freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.
