Fax machines ripe for hacking, says new study

Often overlooked office fax machines pose a huge vulnerability to the cybersecurity of businesses and other organizations, according to a new study.

Many such machines run on decades-old protocols that are easy for hackers to penetrate, says Israel-based soft­ware com­pany Check Point’s study.

The study doesn’t focus on any hacks of actual fax machines, but explains how such an attack could occur and how it would work.

ADVERTISEMENT
The process is fairly straightforward for hackers.

Most fax lines are connected to an organization's larger IT network, so after a cyber intruder makes their way into an insecure fax machine, everything else, regardless of what other cyber protections are in place, can become easy targets.

“From this point, through a process of lateral movement, the attacker would be able to hop from one part of the network to the next infecting a wider portion of it as he progresses,” the researchers write. “Upon such an attack, it would be a matter of seconds before an entire network was compromised and you had an intruder well embedded across your systems.”

Figuring out a way in usually isn’t too hard — most businesses post their fax numbers publicly online, giving hackers a clear entry point.

There are currently 17 million fax machines in the U.S. and 46.3 million worldwide, the report estimates.