Newly Discovered Vulnerability in Fax Machines

Happy Monday, everyone! A new report recently exposed a vulnerability in the old, forgotten fax/printer combo machines.

Aren’t Fax Machines Dead?

In short, no: fax machines are very much still alive. A lot of companies still use fax machines these days, often as the result of old government regulations. In an attempt to “modernize” the situation (and help reduce the amount of room these printers take), many of the remaining fax machines are actually fax/printer combination devices. These are a great option in many small to midsize business applications. However, due to an increased feature set on what is otherwise an obsolete technology, they pose a larger risk.

The Risk

Recently, news broke that the old, tried-and-true fax machine has a newly discovered flaw. It turns out that it is possible to send a specially crafted file to a fax/printer combo machine. The machine is unable to parse and sanitize this information properly, and the file instead causes the machine to run arbitrary code, doing whatever the attacker wants.

How the Attack Works

Normally the fax machine would just “ring”, parse and render the file, and start printing it out. While this sounds good in principle, this newly discovered vulnerability adds a twist. It is possible to send a specially coded document to a fax machine and, instead of being parsed and rendered, the incoming code breaks out of the parsing function on the fax and runs arbitrary code on the fax machine.

I’ve personally dubbed this new type of attack “Fax Injection”. Like many other types of injection attacks, such as SQL or XSS, the included code can do basically whatever the attacker wants it to do, which is bad news for those of you with a fax/printer combo (especially one that’s connected to your internal network). There have already been reports of hackers throwing “Eternal Blue” malware into their exploits and infecting entire networks with ransomware.

My Questions and Insight

I’m not sure if it’s possible to attack a fax machine without causing it to print anything, as you might have to append the exploit to the end of a file destined for the fax. Either way, it is certainly possible to exploit this kind of threat on a device most of us have completely forgotten about.

I’m also not sure if this flaw exists only on certain brands of fax machines, certain models or even certain firmware revisions. It is entirely possible that all of the major brands of fax machines are susceptible to this flaw. I’d like to think that someone thought to sanitize the input received through the phone line, even if such attacks were not always prevalent. Since this flaw took such a long time to be discovered, it’s safe to say that it must be a case of an old sanitization library finally getting exploited, suffering from some special sequence of characters that the sanitization doesn’t protect against, which then breaks out of the function.

Unlike many computer threats, such as a flaw in IIS or the Apache web server, this one travels over the PSTN, an entirely different network from the regular media (Ethernet, InfiniBand, Fibre Channel, etc.). Fax machines are not known for being updated very often, and there is no network IPS that you can deploy to detect and protect against this vulnerability. These fax/printer combos need to be updated soon by the vendor, preferably with the update downloaded and installed automatically using the machine’s network connection if at all possible. War dialers still exist! What is old often becomes new again, and I think we’ll be seeing bots and war dialers scanning the Internet and exploiting these flaws soon.

