Take a look around your office. Depending on where you work there could be all manner of potentially dangerous items lying around. The chances are though, you would never have considered the humble office fax machine to be one of them.
Unfortunately, because that view is almost universally shared. They are very rarely protected with the sort of security patches you would apply to your computers, routers and phones. This makes them a holy grail for hackers.
Interested in Cyber Security and how you can protect your business? Get the facts in our White Paper>>
According to research conducted by Israeli Cyber Security firm Check Point, tens of millions of commonly used fax machines have critical security flaws present in them. Since these fax machines are invariably connected to your corporate network, getting access to these can provide skilled hackers with free access to your data.
If you are still scratching your head to remember the last time you saw a fax then you may be surprised to know that despite being old-fashioned technology (the first demonstration of an early fax machine was to Napoleon III in 1860), the fax machine is still prevalent in offices across the world. This is particularly true in Healthcare and Legal, where common practice remains that important documents be sent via fax. The NHS, for example, relies on nearly 9,000 fax machines for its operations in England alone.
This isn't the first time it has been revealed that unlikely appliances can be hacked. In March 2017 it was revealed it is possible to hack into the microphone of your TV in order to eavesdrop on conversations.
How the exploit works
On a typical office network, your devices connect to your router, which also connects to the internet. There is a firewall between your router and the internet which protects you from malicious traffic on the web. However, all of your devices (PCs, laptops, printers etc.) are connected to each other, below the security of the router’s firewall.
Because fax machines are connected to phone lines, there is automatically a point of entry for attackers - even if you are not connected to the internet. Once they have access to your fax machine, they in turn have access to all devices connected to it. The attacker is able to hop from one device to the next along your network, infecting them as they go.
How big is the threat?
Potentially huge. The connection between devices on your network is often open. This allows easy file transfer between devices in your office internet. Therefore, by gaining access to your fax machine, a hacker can theoretically gain access to all your documents, or could install a piece of malicious software such as a keylogger to gain control of your password for things like online banking.
However, this is not the only way that harm can be done. Control of the fax machine can give the ability to reroute all faxes sent back to the hacker, giving them access to sensitive information. It could also even mean tampering with faxes themselves, altering their content in a way that benefits the attacker.
A determined intruder with a strong motive and a little imagination could, in theory, do all sorts of damage to an infected network.
How you can protect yourself
Firstly, if you have a fax machine connected to your network that you do not use, the simplest answer could be to just get rid of it.
However, if your industry requires fax for whatever reason, or you are like the many businesses that have a fax machine connected to their multifunction printer, that is not an option. In which case, the best course of action would be to ensure your fax machine does not sit on the same level as the rest of the devices on your network.
This means segmenting your office network so that access to sensitive information is minimised to only the devices that absolutely need it. So even if a hacker did gain access to your fax machine, they would be unable to move laterally across your network and infect other machines along the way. This can be done using firewalls or VLANs (if you don’t know what those are, you’re not alone!)
You should also check your fax machine for important updates. Check Point states that their research was done in conjunction with HP. For users of HP multifunction printers, there is a software patch that will fix the vulnerability.
For those that do not use an HP multifunction machine, we recommend regularly checking the update page for your device online. Now that the research is out there, you should expect that updates and patches should follow.
Conclusion
With the pace of change in technology being so high, it can be hard to keep on top of all the attack vectors. Whilst many modern devices come with strong security measures built in, some of the older devices that we still use can pose a threat in ways we might not be aware of.
This research is a stark lesson in keeping on top of what we have on our networks, and ensuring that a security policy forms the backbone of our organisational policy.
What if this all seems a bit daunting though (and you don’t know your firewalls from your VLANs)?
Fortunately, at entrustIT, we do! If you are looking for help reviewing your security strategy or need some consultancy to determine the best course of action for your business, then that is something we can help with.
We will get inside your organisation to discover your pain points and concerns, and provide an IT solution using hardware, cloud, or a mixture of the two. For when physical security is concerned, we also offer cloud CCTV options, giving you control of your cloud enabled cameras from an internet portal wherever you are.
IT security is a complicated and ever-changing topic, but with the right help you can succeed.
Interested in Cyber Security and how you can protect your business? Get the facts in our White Paper>>
