cua cà mau cua tươi sống cua cà mau bao nhiêu 1kg giá cua hôm nay giá cua cà mau hôm nay cua thịt cà mau cua biển cua biển cà mau cách luộc cua cà mau cua gạch cua gạch cà mau vựa cua cà mau lẩu cua cà mau giá cua thịt cà mau hôm nay giá cua gạch cà mau giá cua gạch cách hấp cua cà mau cua cốm cà mau cua hấp mua cua cà mau cua ca mau ban cua ca mau cua cà mau giá rẻ cua biển tươi cuaganic cua cua thịt cà mau cua gạch cà mau cua cà mau gần đây hải sản cà mau cua gạch son cua đầy gạch giá rẻ các loại cua ở việt nam các loại cua biển ở việt nam cua ngon cua giá rẻ cua gia re crab farming crab farming cua cà mau cua cà mau cua tươi sống cua tươi sống cua cà mau bao nhiêu 1kg giá cua hôm nay giá cua cà mau hôm nay cua thịt cà mau cua biển cua biển cà mau cách luộc cua cà mau cua gạch cua gạch cà mau vựa cua cà mau lẩu cua cà mau giá cua thịt cà mau hôm nay giá cua gạch cà mau giá cua gạch cách hấp cua cà mau cua cốm cà mau cua hấp mua cua cà mau cua ca mau ban cua ca mau cua cà mau giá rẻ cua biển tươi cuaganic cua cua thịt cà mau cua gạch cà mau cua cà mau gần đây hải sản cà mau cua gạch son cua đầy gạch giá rẻ các loại cua ở việt nam các loại cua biển ở việt nam cua ngon cua giá rẻ cua gia re crab farming crab farming cua cà mau
Skip to main content

Faxploitation: Hackers can use old-school printers to invade your home network

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

The more connected our devices get, the more protection they need. But that doesn’t mean a device needs to be “smart” to be hacked.

The team at Check Point Research recently showed how the fax function on a 1990s-era HP printer could be used to infiltrate network security. It was a groundbreaking demonstration, revealing just how vulnerable older technology can be to attacks. You might think that ancient printer you have in the corner of your office is harmless, but as this research shows, it might offer a backdoor into your network — and all the devices connected to it.

Sneaking in where no one was looking

Check Point Research took the stage at Def Con, the world’s largest hacking conference, to demonstrate what they called a “faxploit” in all-in-one, printer-fax machines.

How a hacker infects a network using faxploit. CheckPoint

The fax function on your old office printer may no longer be used, but if a company or personal fax number is made public on business cards or websites, the entire system is at risk. Using just that number, the researchers gained access to the entire associated network, including all the computers and data connected to it.

The process was shockingly simple. The hacker establishes connection with the printer, implements an exploit script, and sends a malicious fax right to the printer. That gives her full control.

“… Printers are common, highly prevalent devices that are universally being ignored when it comes to cybersecurity”

Once the hacker has access to a network, she can use it as a foothold to target other machines. In the demonstration, the hacker installed a piece of malware called the EternalBlue NSA exploit on a targeted PC connected to the network. The malware pulled a specific document from the computer and printed it out on a remote fax machine.

Other vulnerabilities noted by Check Point Research include “tampering with fax content” and “sending a copy of every fax that a customer sends to their bank.” While those fax-specific risks might not sound scary, anytime a hacker gains access to a network and the connected computers, data is up for grabs. Fax is often used for sensitive and important documents, and the ability to alter a fax could certainly appeal to hackers looking to make a buck.

But what makes printers so vulnerable? We spoke with the CEO of Symphion, Jim LaRoe, who knows firsthand what makes this research so troublesome.

Hacking the Fax – Ground Breaking New Research in Cyber

“The reason [the faxploit] caught people’s attention is because printers are common, highly prevalent devices that are universally being ignored when it comes to cybersecurity,” LaRoe told Digital Trends. “Printers are servers that transmit, use, and store sensitive (and valuable information), that provide on-ramps to other valuable digital assets inside companies.”

Though some printers have multiple servers and hard drives built into them, they aren’t treated with the same attention as other devices. Desktops and laptops are locked down by IT departments while printers often go unnoticed and become a security liability.

“The bad guys follow the valuables and they can’t steal jewelry or cash through a printer.”

“A typical server is inside the company’s data center on highly monitored, controlled and protected network, and is watched under the careful eye of trained system administrator,” said LaRoe. “Conversely, printers are most often not on a separate network, and even if they are, are not managed for security and are often on wheels in the middle of offices, or say an emergency room, with physical (and often digital) access to everyone.”

The faxploit isn’t the only recent vulnerability found in printers. Just a couple months ago, HP launched a bug bounty program specifically for printer security, sparked by BugCrowd’s 2018 “State of Bug Bounty” report. The report showed that print vulnerabilities have increased 21 percent in the past year.

Getty Images

LaRoe explained printers are often deployed on networks with “default administrator passwords and 40-60 open ports,” which makes them relatively easy to compromise.

Clearly, printer security has a long way to go.

Securing your printers

Though all of this applies to personal homes as much as large-scale organizations, LaRoe reminded us that there’s far less incentive for a hacker to pull off something like a faxploit on a home printer.

“As we all know, for the bad guys, [faxploit] is now a published recipe for cooking up bad thing.”

“Many of those threat vectors are presented at home, but unlike business, most homes do not have high value digital assets for someone to steal or deny service to or ransomware computers for,” said LaRoe. “The bad guys follow the valuables and they can’t steal jewelry or cash through a printer.”

However, LaRoe said the prevalence of internet of things devices in the home gives even more power to an indirect entry point like the printer. The more connected devices are locked up behind a single lock, the more reward there is for a hacker to break it.

When it comes to the faxploit itself, it’s still thankfully theoretical. Hackers haven’t been caught using this tactic quite yet, and Check Point Research worked with HP to develop a patch for its exploit. Yet LaRoe thinks this is just the tip of the iceberg, as evidenced by the pages and pages of “printer hacks” available on Google. Some are ways to get more color from your printer. Others are closer to something you’d see at Def Con.

Checkpoint Faxploitation network infographic
CheckPoint

“As we all know, for the bad guys, it is now a published recipe for cooking up bad things,” said LaRoe, in reference to the faxploit.

There are solutions, of course, such as the one LaRoe has at Symphion, which involves hands-on surveillance and monitoring of a company’s print assets. Check Point Research suggests segmenting your printer into a separate network as an important strategy to shut off access to the rest of your network. But for the average person, simple tactics like changing the default password of your networked printer, and installing the latest firmware, are always recommended.

The faxploit doesn’t require every person needs to sell their old fax machine, you should at least look at your old fax machine with suspicion.

Luke Larsen
Luke Larsen is the Senior Editor of Computing, managing all content covering laptops, monitors, PC hardware, Macs, and more.
Your electric bill will skyrocket this summer. Smart home tech can help.
Google Nest Home devices.

Summer is here, and for many of us, that's great news. But for the many of us who find ourselves working from home, summer also means electric bills are going to skyrocket -- now more than ever with families continuing to follow social distancing guidelines. With warmer temperatures, longer days, and many summer activities canceled, costs are going to soar.

The U.S. Energy Information Administration forecasts rising electricity costs this summer. Homes need to stay cool for longer, computers will be on longer, and lights will be on more. If you're not careful, it can get away from you.

Read more
Samsung has an invisible keyboard that you can use with your phone
samsung selfie type invisible keyboard ces 2020

Keyboards come in all shapes and sizes, you can fold them, use them across multiple devices, and even enjoy their ergonomics. At CES 2020, though, Samsung has an interesting conceptual take on the keyboard. It's one that you can't even physically see -- an invisible A.I. powered keyboard dubbed the SelfieType.

Although the concept of an "invisible" keyboard isn't new, Samsung's conceptual SelfieType looks like something straight out of a science fiction movie. Though existing products like the Celluon Magic Cube Laser Projection Keyboard need to be connected up to a device, Samsung's conceptual keyboard is a bit different. Instead of using lasers or projection, SelfieType uses your phones' existing front-facing camera to track your hands as you type on any surface. It is powered by machine learning and can turn the individual movement of your fingers into keystrokes.

Read more
The Windows 11 24H2 update is causing even more problems
Windows 11 logo on a laptop.

The Windows 11 24H2 update had already been giving users a real headache with problems such as bugs for visual layouts and flaws for certain wallpaper apps. And now, as Microsoft confirms in a support document, some people without administrative privileges can't change the time zone in the Date & Time view, among myriad other issues related to the important Windows 11 update.

A Feedback Hub post also reports a time issue after exiting Sleep Mode, specifically after about one out of every five overnight sleep cycles. There is also a report that the time is not syncing correctly following daylight saving time. Put differently, the update doesn't break the time zone, but only affects the toggle or makes it very difficult to modify it.

Read more