Some of us think of fax machines as a relic, but fields like healthcare and government still rely on faxes every day. Researchers have discovered serious vulnerabilities in fax machines that could let cybercriminals infiltrate any home or corporate network with just a fax number.Known as ‘Faxploit,’ the vulnerability research by Check Point’s Yaniv Balmas and Eyal Itkin illustrates how a hacker could easily exploit fax protocol and infiltrate a network. To begin, corporate fax numbers are typically posted on websites and business cards. Using that number, a hacker could send an infected file to the corporate fax machine as a way to launch a beachhead for a larger attack.
“The attack scenario is actually pretty simple,” Check Point’s Itkin says. “A malicious attacker wants to infiltrate a covert network, let’s say a bank. The fax number for this bank is public, so he can get that number. On the bank side, if the printer that receives the fax is also connected to the internal network, then all the attacker needs to do is send a malicious fax to this phone number and automatically he will be inside the internal network of this bank. It’s crazily dangerous.”