Sure, you probably don’t often use a fax machine these days. The advent of email and other online messaging tools has in a lot of ways made the older technology obsolete, though that does not mean they have been wiped from existence.
Plenty of businesses still use them, however, as they are especially good for contracts and other documents that are best printed out. These days plenty of places have all-in-one devices, with their fax machine being accompanied by a printer and photocopier.
Because of the multi-use ability they are often connected to a place’s internal network, which then opens them up for some problems. Such as one that is making the rounds, taking advantage of protocols put into place in the 1980s.
How secure do you think the lines were back then?
The problem was discovered by a couple of researchers from Check Point software who presented their findings at DefCon in Las Vegas. They noted that millions of companies could be at risk, as they most likely have not done all that much to secure their fax lines.
Yaniv Balmas, one of the researchers, said there are no security measures built in with fax, which led to him and his team being surprised given how many places with important information still use the technology. Hospitals and government agencies tend to still use them, and there are also plenty of other business you can’t even think of.
In fact, Balmas said he was surprised by just how many organizations still use fax machines.
What happens with the hack?
Given that the protocols to govern fax security were put together in the 1980s and they have not been updated since, it should come as little surprise they are not able to handle the issues facing technology some 30 or so years later.
To break in, the hackers used a software exploit called “Eternal Blue,” which was actually behind the WannaCry attack of 2017. Because the fax protocols are not worded and not exactly uniform across manufacturers, the machines carry with them some vulnerabilities.
More specifically, the all-in-one fax, printer and copy machines made by Hewlett-Packard were quite vulnerable, though HP issued a patch to correct the problem. But Balmas noted that since fax machine numbers were shared all over, they could provide a nice attack route for people with bad intentions.