Believe it or not, but your fax number is literally enough for a hacker to gain complete control over the printer and possibly infiltrate the rest of the network connected to it.
Check Point researchers have revealed details of two critical remote code execution (RCE) vulnerabilities they discovered in the communication protocols used in tens of millions of fax machines globally.
You might be thinking who uses Fax these days!
Well, Fax is not a thing of the past. With more than 300 million fax numbers and 45 million fax machines are in use globally, Fax is still popular among several business organizations, regulators, lawyers, bankers, government agencies, and hospitals / medical service providers.
Since most fax machines are today integrated into all-in-one printers, connected to a WiFi network and PSTN phone line, a remote attacker can simply send a specially-crafted image file via fax to exploit the reported vulnerabilities and seize control of an enterprise or home network.
All the attacker needs to exploit these vulnerabilities is a Fax number, which can be easily found simply by browsing a corporate website or requesting it directly.
This RCE attack is explained in this short YouTube video.
The mitigation to this vulnerability is to keep your fax machines separate from your computer network. This same vulnerability exists with printers as well.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.