That fax machine you don’t really know how to use? Turns out, it could let hackers access every file in your network.
Using only a phone line and fax machine, researchers at Check Point Research were able to gain access to every computer connected to a Hewlett Packard all-in-one printer. They sent a fax of malicious code disguised as an image file to the printer, which then stored the file, allowing researchers access to the entire network.
Many offices have all-in-one printers with a fax function, but the technology is used infrequently. That was part of the vulnerability Check Point’s researchers were able to exploit: no one was checking incoming faxes, therefore no one caught the malicious file.
Cybersecurity is a pressing issue at many levels—from the U.S. election system to that email password you haven’t changed for years. As discussed at Fortune‘s Brainstorm Tech conference in July, a so-called “Cyber 9/11” could derail essential national infrastructure such as air-traffic control or the energy system. On a smaller scale, vulnerabilities found in applications commonly used by retail investors could allow hackers to steal money from individual account holders.
Still, the majority of efforts to keep information safe focus on parts of the network where the most sensitive data is kept. Ignoring low tech, low sensitivity areas like all-in-one printers effectively leaves open a back door through which hackers can gain access to the same information, sometimes with less hassle.
HP fixed the vulnerability in the all-in-one printer the researchers tested, but all-in-one printers from other brands may still have the same issue.
