Friday, August 31, 2018

HP Leaves Mac Users Vulnerable to Fax Hacks

Saheli Roy Choudhury:

Researchers at Nasdaq-listed Check Point Software Technologies said that fax machines — which still reside in many offices — have serious security flaws. Those vulnerabilities could potentially allow an attacker to steal sensitive files through a company’s network using just a phone line and a fax number.

In a report released on Sunday, Check Point researchers showed how they were able to exploit security flaws present in a Hewlett Packard all-in-one printer. Standalone fax machines are a rarity in companies today, but the fax function is still present in commonplace all-in-one printers.

They faxed over lines of malicious code disguised as an image file to the printer, relying on the fact that no one usually checks the contents received over a fax. The file was decoded and stored in the printer’s memory, which allowed the researchers to take over the machine. From there, they were able to infiltrate the entire computer network to which the printer was connected.

Joshua Long:

Oftentimes when HP releases firmware updates for printers and multifunction devices, the company only makes the firmware available in the form of an EXE file — a Windows application. In spite of the severity of the Faxploit bugs, HP has not made an exception to this unfortunate practice.

Of the more than 150 affected models for which HP released firmware updates, approximately one quarter of them do not have a Mac-compatible firmware update installer available to download through HP’s support site.

2 Comments RSS · Twitter

Boot camp: it's not just for those unfortunates who are stuck using a windows app.

Man, this stinks. However, in addition to Boot Camp, Virtual Box would probably work as well. Then you can download one of the free Windows 10 development images from Microsoft and likely use that to upgrade the fax firmware.

Leave a Comment