SAN FRANCISCO, Aug. 13 (Xinhua) — Researchers from a Nasdaq-listed Israeli security company, which has a main office in the Bay Area in northern California, have warned of vulnerabilities likely to be exploited by hackers on all-in-one printers with fax functionality.
The security experts from Check Point Software Technologies said there are serious security flaws in all-in-one printers connected to the internal home or corporate networks through their Ethernet, WiFi or Bluetooth interfaces. They are also connected to a PSTN phone line to support their in-built fax features.
In a technical report released Sunday, the researchers said hackers could potentially exploit those vulnerabilities to break into the internal network of families or companies to steal sensitive data by sending malicious code to the printers with fax functionality.
They conducted a test on a Hewlett Packard (HP) all-in-one printer with merely a phone line and the target’s fax number, and faxed lines of malicious code disguised as an image file to the printer.
The file was stored in the printer’s memory, which allowed the researchers to gain complete control over the printer and then infiltrate into the rest of the network connected to the machine.
The researchers said they have found “several critical vulnerabilities in all-in-one printers which allowed us to ‘faxploit’ the all-in-one printer and take complete control over it by sending a maliciously crafted fax.”
“Once an all-in-one printer has been compromised, anything is possible. It could be used to infiltrate the internal network, steal printed documents, mine Bitcoin, or practically anything,” they said in the report.
Although the experiment was conducted on all-in-one printers, similar vulnerabilities are likely to be found in other fax implementation, such as fax-to-mail services and standalone fax machines, they warned.
They noted that HP Inc. has fixed the vulnerability with an update patch to Officejet all-in-one printer series before the report was published.
The Check Point researchers said the threat is real as an estimated hundreds of millions of fax machines are currently still in use around the world.
In a technology-dominated world today where people communicate with emails, chat messengers, mobile devices, web-services, or even satellites using quantum messaging, standalone fax machines appear not as popular as in the pre-Internet era, but financial reports from Wall Street indicate that tens of millions of all-in-one printers are sold worldwide each year, the experts explained.
They advised that private or sensitive files could be protected by moving them to a sub-network that is separated from a network where printers are connected.