August 24, 2018 | By Joel Odom
Check Point Research demonstrated that all-in-one fax-scanner-printer machines can be attacked over the telephone line that the fax feature listens on, and then used to attack the networks to which the machines are connected. The vulnerability, named "Faxploit," allows an attacker to embed malicious software in a specially crafted fax. The malware executes on the victim's fax machine, allowing the attacker to use the machine to pivot into the network to which it is connected. Check Point demonstrated the power of the vulnerability by having a compromised fax machine use the EternalBlue exploit to take full control of computers on the same network as the all-in-one machine.
IISP Analyst Joel Odom: "I don't know why it took so long for someone to come up with the idea of doing a vulnerability check of this attack vector. After all, modern fax machines are just computers that listen for incoming data over a phone line. When the machines take a call and receive data, they must parse a complex protocol with plenty of attack surface. As Check Point puts it, 'from an attacker’s point of view this is a jackpot, as finding a vulnerability in a complex file format parser looks very promising.'
In the cybersecurity world we often hear the mantra, 'complexity is the enemy of security.' I like to restate this as 'clever ideas are the enemy of security.' The fax protocol, with its ability to embed different image file formats, is a clever protocol. The idea of creating an all-in-one machine that can print, fax and scan is a clever idea. When these clever ideas appeared on the scene in the 1990s and 2000s, cybersecurity was much less on the minds of engineers than it is now, so I imagine that little thought was given to the attack surface these machines presented. For years they have sat in office mail or print/copy rooms, occasionally used but largely forgotten. How many other clever ideas from years past lie dormant, waiting for attackers to use them in surprising attacks? How many new clever ideas are engineers implementing today that open unexpected vectors for attack?"
Joel Odom leads a team of researchers focused on software security as branch head for the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. He and his team research static and dynamic software analysis, software testing techniques, software reverse engineering, and software vulnerability discovery and mitigation.