Posted By Remote Techs On 23-August-2018
Nothing bad could possibly happen to your company’s network if the only piece of information the hackers have is your fax number, right?
Unfortunately not, according to recent research by employees at Check Point.
They recently revealed details about not one, but two different REC’s (Remote Code Execution) techniques that exploit flaws in the communications protocols of tens of millions of fax machines spread all over the globe.
If you think the Fax machine has largely gone the way of the dinosaur, think again. Many printers sport “all in one” functionality, which includes both scan and fax functionality, and therein lies the problem. Since these printers are invariably attached to your network, your fax number is a good a way in, since most people don’t even think about it.
Called the “Faxploit,” the new attack type involves a pair of known buffer overflow vulnerabilities, CVE-2018-5925 and CVE-2018-5924, which allows anyone who takes advantage of them to have the ability to execute code remotely.
The researchers who discovered the issue created a proof of concept video demonstrating the attack in action. In their demo, they made use of an HP Officejet Pro 6830 and an OfficeJet Pro 8720, sending an image file with a malicious payload through the phone line. The moment the fax machine receives it, the image is decoded and uploaded into the fax/printer’s memory.
From there, the sky is the limit. Having gained a foothold on the network, what happens next is entirely dependent on the nature of the payload delivered. One thing you can be sure of, however, is that none of the outcomes you can expect will be good.
The researchers point out that there’s nothing special about the two all in one printers they selected, and the vulnerability will work on just about any make or model. Something new to be worried about.