In today’s constant barrage of technology warnings about computer ransomware, phishing, and keeping track of multiple passwords, it is easy to overlook the dusty old fax machine in the corner. A relic of the 1990s, a fax machine seems safe and secure in its simplicity. It would be like worrying about your grandmother breaking into your house and stealing your silver.
Bad news – now you have to worry about grandma.
An Israeli software company, Check Point, recently found a vulnerability in common, network-connected all-in-one devices that fax, print and scan documents. All that is needed to gain access to these devices is the fax telephone number.
How to Hack a Fax
All-in-one fax machines are commonly connected to the organization's internal Wi-Fi (or Ethernet) and to the phone line. A hacker can send a specially designed image, coded with a malicious software, through the telephone line to the fax machine. The fax then reads the image. The malformed image then causes the fax image decoding function (a part of the fax machine firmware) to execute the hacker’s code instead of the fax’s firmware code. This, in turn, will allow the attacker to gain full control over the fax machine.
At this point, grandma has successfully broken into your house. With control over the fax machine, the hacker has easy entry, in the absence of firewalls, to all devices connected to the network. The hacker can now control your computers. The silverware is gone.
Stop the Fax Hack
Sometimes, it’s the little things that cause the biggest problems. Remember way back in those halcyon days when we were blissfully ignorant of computer hacks? Most people had never heard of a computer breach until the famous 2013 hack of the Target stores credit card system. That happened because common and simple things were overlooked, like the store’s HVAC password system and how it connected to the payment-related computers.
The good news is that the simple fax hack that Check Point found is still, at this point, theoretical. No actual hacks have been reported.
Fix the Fax
This additional vulnerability may help finally seal the fax’s coffin. In the meantime, there are a few things you can do:
1. Update and install firmware patches on your fax machine. For example, the machine used by Check Point was an HP Inkjet, and HP issued a patch. In some cases, the fax update can be downloaded directly from the fax machine menu.
2. Disconnect and unplug the network (Ethernet) line when not using the fax.
3. Ensure your computer network uses anti-malware and anti-virus applications, intrusion prevention software, and firewalls on the operating systems.
For more on fax machines in healthcare, refer to LAMMICO’s article “The Facts About Faxes.” For more information, please contact the LAMMICO Risk Management and Patient Safety Department at 504.841.5211.