Recently, a couple of vulnerabilities were discovered in the fax protocol which are potentially hazardous in many ways. These vulnerabilities are able to transform the respective fax machines into some sort of entry points that can be used by the hackers in order to get into the corporate networks, as reported by a couple of researchers working at Check Point. The researchers revealed this news in a talk that was given at a security conference DEF CON 26, which was held in Las Vegas. This attack is called as Faxploit and it targets the ITU T.30 fax protocol in particular, according to the copy of the presentation given last week by the researchers named Yaniv Balmas and Eyal Itkin.
This Faxploit, as they call it, actually leverages a couple of buffer overflows in the components of the fax protocol. These buffer overflows handle the COM and DHT markers which are CVE-2018-5925 and CVE-2018-5924, respectively.
The researchers said that some malformed fax images can be sent by the attackers to a particular fax machine and these images carry a certain code that usually exploits the vulnerabilities mentioned above. By doing so, the attackers can easily gain the remote code execution rights after which the hacker can run his code and take complete control of the machine.
The attack is said to be extremely simple as the hackers do not need a sea of information. All they want is the fax number of a particular fax machine in the organization which the attackers want to target, which is very easy to get as most of the organizations publicly post the fax number on their respective websites.
Out of all companies that make fax machines, only HP has released patches for the printers in an attempt to address Faxploit. Other companies as well are expected to take some action against the same. Till that time, by using network segmentation, the attacks can be defended, as per the researchers.