Researchers at Check Point recently announced that they found a way to access a network by sending a fax. The vulnerability has been named “Faxploit”, and it allows an attacker to send a fax over a phone line that tricks vulnerable devices into running malware that is part of the fax image.
Since most fax devices are also connected to the network, the vulnerability can give the attacker access to an otherwise secure network over a simple phone line. According to Check Point, this could be used to gain entry to a network that has no Internet connection. HP has already issued a patch for this vulnerability on their All-In-One printer/copier/fax machines, but it is believed that devices from other manufacturers may also be vulnerable.
Over the years, I have been a staunch opponent of faxing, battling to eliminate it in every organization I have worked for. There are many reasons that faxing is not secure:
On top of all of the common security problems listed above, the discovery of the Faxploit vulnerability by Check Point demonstrates that faxing may expose more than just the contents of a single document. We urge institutions that still exchange faxes containing customer information to seek other alternatives. While a few customers may be inconvenienced, they will usually understand once the problems of faxing are explained to them.
We help financial institutions identify and mitigate cybersecurity threats. If you believe that your institution could benefit from our services, please do not hesitate to reach out!