Despite the many communication methods available, healthcare providers still frequently communicate by fax. Some estimates suggest that as much as 75% of all communications in the healthcare sector take place by fax.
Although fax machines would probably not rank highly on any list of likely attack vectors, new research says that flaws in the fax protocol could be exploited to launch attacks on companies and gain network access.
Researchers at Check Point identified the vulnerabilities and were able to exploit them to create a backdoor into a network, which was then used to steal data by means of a fax machine. The researchers believe there are hundreds of thousands of vulnerable fax machines currently in use around the world.
To exploit the vulnerability, the researchers sent a specially crafted image file over the phone line to a targeted fax machine. The fax machine decoded the image and loaded it into memory, and the researchers' script triggered a buffer overflow that allowed remote code execution. The researchers gained control of the fax machine and, using the NSA exploits EternalBlue and DoublePulsar, spread malware to a vulnerable PC connected to the same network.
The malware was designed to search for files of interest. When such a file was found, it was sent back to Check Point by fax. Check Point's research focused primarily on HP's OfficeJet Pro all-in-one fax printers, but the same vulnerabilities can be found in fax machines from other manufacturers, including Epson and Canon.
Check Point notified HP of the problem, which has already been patched, although some other manufacturers' devices remain vulnerable. In many cases, the software on all-in-one printers cannot be updated, and the vulnerability can only be addressed by replacing them with current devices.
Check Point advises all organizations that still use fax machines, healthcare providers included, to find out whether their fax machines can be updated and to make sure all software is current. Where upgrades are not possible, replacing the devices is highly recommended, and printer-fax machines should be placed on secured networks isolated from those where protected health information (PHI) is stored.
Although the research focused on all-in-one printers, the researchers noted that attacks would not be confined to those devices. Stand-alone fax machines could most likely also serve as an entry point into a business network, as could fax-to-mail services.
So far there have been no reports of this attack method being used in the wild, but the Check Point researchers note that it will only be a matter of time before others work out how the attacks can be carried out.