Fax Machines Provide Attackers Easy Access to Infect Servers and PC’s

faxmachine

Did you know that a security vulnerability in your fax machine could allow an attacker to bypass your firewall and access your confidential network resources?   Fax machines use 1980’s technology and are relied upon heavily in the healthcare industry to help transmit patient information between providers.  We often don’t give them a second thought after plugging them in, but they can represent a real risk to your organization’s data.

 

It is common to find a fax machine that is also connected to your network so that it can be used as a printer.  Many copiers have print, copy, scan, and fax functionality built into them.  This means that your multi-function device is connected to both the outside world with an analog phone line and to your internal network.  It is rare to find a networked fax machine that has a  firewall from the rest of the network, but the fax machine can be a bridge between the analog outside world and your digital network resources.

 

Security researchers posted a Youtube video showing how they were able to successfully use an analog phone line to send a malicious fax to a company fax machine.  They took advantage of a security vulnerability in the fax machine and were then able to access the corporate network through the fax machine’s network port.  All this required was a phone line to send a fax.  It does not use the Internet and is not blocked by the firewall.

 

How can you protect your organization?

  1. Unplug your fax machine from the network, if not needed
  2. Isolate networked fax machines by firewalling them
  3. Update the firmware on your fax devices to a version that prevents this vulnerability
  4. Update processes to use encrypted email or encrypted data transfer instead of faxing

 

Do you have trouble keeping up with securing the information on your network?  Integrity’s dedicated Security team can help.  Contact us with any questions!

 

New Call-to-action