In many organizations, fax machines linger as dusty relics of a previous technological era. Some organizations aren’t even aware they have fax machines, the unused functionality built into multi-purpose printers. But some industries, such as healthcare, continue to rely on faxes to transmit data. Because the data is sent over telephone lines, not the internet, it’s believed to be more secure than email. In fact, the CEO of Sony Pictures started using fax machines rather than email after Sony was hacked.

However, this belief that fax machines are secure is incorrect. Many faxes sit in the printout tray, accessible to anyone walking by. More significantly, today’s fax machines are computers and are vulnerable to hacks just like any other digital device. Files that are sent or received are stored in the fax machine’s memory and can be accessed by hackers. Researchers were even able to exploit a vulnerability that let them use a fax machine to take over the entire company network.

The attack worked by incorporating malware into the image file sent to the targeted machine. So-called Faxploit uses buffer overflow vulnerabilities in HP OfficeJet Pro fax machine/printers to get the malware into the machines. Once the malware is in the machine’s memory, it’s possible for it to access sensitive data or get into the network and spread to other servers. The researchers who found the vulnerability point out that multiple types of malware, including ransomware, spyware, and cryptocurrency mining tools can be sent through this method.

Your fax number is no secret, and that’s all it can take for an attacker to get into your network. If you have HP OfficeJet Pro equipment on premises, make sure you apply the firmware patch that fixes this vulnerability. This is also a good reminder to make sure you have a solid process for applying patches to the applications and devices that access your network.

It’s also a reminder to periodically review your infrastructure to identify vulnerabilities. New threats are invented all the time, and even a solid cybersecurity strategy requires updates to respond to the new risks. The team of professionals at Prescient Security is certified in leading information security products and brings knowledge of current threats and solutions to the security strategies we deploy. Contact us to learn more about protecting your IT systems from fax machines and other hidden threats.