You may think fax machines have gone the way of the typewriter, but hackers salivate over them. That’s right – hackers. Fax machines are horribly insecure as data is not encrypted. Anyone who can tap a phone line can intercept all data transmitted across it. Fax componentry in all-in-one printers is especially attractive to hackers, according to researchers Yaniv Balmas and Eyal Itkin at Check Point.
Source: Wired, August 12, 2018. Link.
“The attack scenario is actually pretty simple,” Check Point’s Itkin says. “A malicious attacker wants to infiltrate a covert network, let’s say a bank. And the fax number for this bank is public, so he can get that number. On the bank side, if the printer that receives the fax is also connected to the internal network, then all the attacker needs to do is send a malicious fax to this phone number and automatically he will be inside the internal network of the bank. It’s crazily dangerous.”
INSIGHTS: As Balmas says, “There are absolutely no protections over fax. Even if you really wanted to do that, there is no way.” If you can’t stop using a fax machine, he advises segregating the printers or to put them in a separate network. We’ve noted the importance of cyber security at least a half dozen times in AHD. We’ll continue since we all need occasional reminders.