The same protocols are also used by many other vendors’ faxes and multi-function printers, and in online fax services such as fax2email, so it is likely that these are also vulnerable to attack by the same method."It’s critical that organizations protect themselves against these possible attacks by updating their fax machines with the latest patches and separating them from other devices on their networks," Balmas continued."Many companies may not even be aware they have a fax machine connected to their network, but fax capability is built into many multi-function office and home printers," said Yaniv Balmas, Group Manager, Security Research at Check Point.

To minimize the security risk, Check Point advises that organizations check for available firmware updates for their fax devices and apply them. The malware can then potentially breach sensitive data Semi automatic blow machine or cause disruption by spreading across any networks to which the fax machine is connected. That will limit the ability of malware to spread across networks.New research from Check Point Software Technologies has shown how organizations and individuals could be hacked via their fax machines, using newly discovered vulnerabilities in the communication protocols used in tens of millions of fax devices globally. It is still widely used in several industry sectors such as healthcare, legal, banking and real estate, where organizations store and process vast amounts of highly sensitive personal data.. Nearly half of all laser printers sold in Europe are multi-function devices which include fax capability.

"Once an attacker obtains an organization’s fax number (which is easily obtainable from corporate websites), the attacker sends a specially created image file by fax to the target. The UK’s National Health Service alone has over 9,000 fax machines in regular use for sending patient data. A fax number is all an attacker needs to exploit the flaws, and potentially seize control of a company or home network. "It’s a powerful reminder that in the current, complex fifth-generation attack landscape, organizations cannot overlook the security of any part of their corporate networks. The vulnerabilities enable malware (such as ransomware, crypto-miners or spyware) to be coded into the image file, which the fax machine decodes and uploads to its memory.

Following the discovery of the vulnerabilities, Check Point shared the findings with HP, which was quick to respond and to develop a software patch for its printers. Businesses are also urged to place fax devices on a secure network segment separated from applications and servers that carry sensitive information. In many countries, emails are not considered as evidence in courts of law, so fax is used when handling certain business and legal processes.The Check Point research demonstrated the vulnerabilities in the HP Officejet Pro All-in-One fax printers.Not often perceived as modern-day technology, there are over 45 million fax machines in use in businesses globally, with 17 billion faxes sent every year. "This groundbreaking research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations