
Fax machines can be hacked to breach a network, using only its number (2018) - DanBC
https://www.healthcareitnews.com/news/fax-machines-can-be-hacked-breach-network-using-only-its-number
======
c7h
Guess I've seen this talk at 35C3 in 2018.
[https://media.ccc.de/v/35c3-9462-what_the_fax](https://media.ccc.de/v/35c3-9462-what_the_fax)

~~~
unixhero
Excellent talk

------
EamonnMR
> Security researchers have long bemoaned the use of fax machines, as the
> antiquated devices pose real privacy issues when it comes to transmitting
> patient data. Considering that an estimated 75 percent of all healthcare
> communications are still processed by fax, the security threat is real.

~~~
MiddleEndian
They should upgrade to carrier pigeon

------
CodesInChaos
The article claims that the flaw is in the fax protocol itself. But it also
claims that it's a buffer overflow leading to RCE, which would be an
implementation flaw, not a protocol flaw.

Can anybody explain that contradiction?

~~~
NortySpock
In the talk linked by c7h elsewhere in this comment section, a buffer-overflow
exploit was found in the JPG library that allowed remote code execution. Since
some fax machines support JPGs for transmitting color faxes, those fax
machines were vulnerable.

~~~
Zenst
Aha, .jpg. Been many a system fall foul to buffer overflows in attachments.
Blackberry had one system (NT) doing all attachment processing and that fell
foul of .jpg issues in the same vein.

Thing is, once a flaw is found in some library or another, those updates and
changes don't always get propagated across to all devices, be they a router,
fax machine, scanner, printer etc etc. Many of which get deemed - it works,
never touched again once set up. That is even presuming that the manufacturer
updates and releases new firmware in the first place.

Remember, many bits of kit list what open source libraries etc they use and
versions, yet are often slow or artificially obsoleted via support being
dropped. So they end up remaining vulnerable to what will be an exploit. This
makes them easy to identify thanks to their open source statement and list of
what they use and with that, fall foul to script-kiddie style attacks for want
of a better way of phrasing it.

------
downrightmike
"The researchers used an HP all-in-one printer/fax machine, although the
vulnerability is found in the fax protocol itself. Check Point worked with HP
to make sure the product received a patch for the vulnerability, but other fax
machines may still have the flaw." HP had the issue, which is apparently
patched.

------
hollander
In essence you have to disconnect the fax from the network, and the network is
safe. The downside is that printing-to-fax doesn't work, and you need another
machine for either printing or faxing.

~~~
adolph
That may work in some contexts. In larger organizations most fax machines have
no print/scan components, they are conduits to the document management system
and from the EHR. Hopefully (??) those get patched more quickly than
all-in-one hardware.

