• Fri. Jun 14th, 2024

North East Connected

Hopping Across The North East From Hub To Hub

Faxploiting or how fax machines can be hacked

Time to ditch the fax machine and migrate to digital cloud fax

Fax machines may have fallen out of favour, which means they don’t provide the same value to hackers, resulting in the hardware falling under the radar.  But fax machines can be hacked — well, kind of. This is according to eFax, the cloud-based fax solution for businesses.

Scott Wilson, Senior Director, Sales & Service, eFax, stated: “Fax machines are digital devices, which means they have programmable computer elements that can be manipulated by external sources. However, there is a major difference between fax machines and emails, resulting in a misconception that they are safe for data transmission. You cannot hack into a fax machine and access what’s on it like you can an email. The fax machine as a unit is not what is vulnerable to hackers. Instead, it’s those pieces of technology connected to it that are hackable.”

There are two major hacking threats not often considered by those who use fax machines as a method of increasing security: interception and faxploitation.

Faxploit is a method of computer network infiltration. It uses programs similar to other methods of hacking — such as malicious files — to gain unsolicited access to computers for criminal activity. This may be stealing data, conducting blackmail activities, or data manipulation. Only fax machines are vulnerable to faxploit, hence the name,” continued Wilson.

A fax machine does not have a firewall. Fax machines are old technology and aren’t built to fight digital threats. This is because they’ve never needed to, so investment in this technology seems superfluous. However, hackers have become aware of this. They’ve learned that fax machines are unprotected — yet they are often linked to IT networks of an entire business using the internet or cable connectivity because they connect to a multifunction printer or wifi.

Since there is no protection here, hacks can launch an attack on the fax machine, gain entry and then access your computer network, spreading malicious files by hopping around using internal connections.

“Your fax machine is then connected to your IT network, which has protection from external threats — but not internal threats, as once something is in the system, it is trusted. Hackers can send malicious attacks through the phone line to your fax machine in the form of a script that runs on the device. The hardware has no way of stopping this happening, as there isn’t a function to prevent the script activating when the fax machine receives the message,” continued Wilson.

Why is that? Because when a fax machine receives data, it is programmed by design to take the information and turn it into a file without testing what it receives. The is supposed to be an image file, but hackers have found a way to get it to run scripts that aren’t just images; programming scripts that let them take control of the hardware. The script then allows the hacker to gain access to the fax machine and search for available networks connected. The hacker can then move through the network to remotely control computers on the system and engage their malicious files.

“There is only one way to really protect against the faxploit, and that is to ditch fax machines. The core problem behind faxploit is phone lines just don’t have built-in protection to stop emerging digital threats, and nor do fax machines. It would take a total reinvention of the technology to secure the platform completely.

“Fax machines might be old-fashioned and out-dated, but any successful business knows it’s still a significant player in the world of communication. Fax is still a major part of trade and relationships for many. Ditching the fax machine isn’t really an option but migrating to digital cloud fax is an alternative and more secure option. As well as improved privacy, the best digital cloud fax providers offer encryption using advanced security standards, combating sophisticated cyber threats,” concluded Wilson.