Fuji Xerox Reports on ‘Faxploit’ Hack
Fuji Xerox of Japan reported late last month that is copier/MFPs equipped with fax are not susceptible to the “Faxploit” security vulnerability or similar online attacks.
The firm stated:
- “Our multifunction devices do not have color fax capability, which is used for the exploitation of the reported vulnerabilities.
- Our multifunction devices’ fax line is completely separated from network processes. None of the data received via the fax line would affect users’ network.”
This fax security vulnerability was first identified by researchers at Check Point Software Technologies last month.
With this fax vulnerability, researchers exploited the fax protocol of several HP Inc. MFPs/All-in-Ones to take control of the device by sending a fax via telephone line and then gained access to the connected network.
A company’s fax number is the only thing required to carry out the attack. The researchers at Check Point stated that they used HP Inc. All-in-Ones as their test case, and cooperated with HP to ensure a patch for the vulnerability was provided for HP products. But they noted similar attacks could apply to other vendors, as the vulnerability lies in the fax protocol itself, which could enable hackers to gain access to a company’s entire network.
The hack works by sending an image file through the phone line — or a file that the fax machine thinks is an image file — and that is coded to contain malicious software. When a company receives the photo, the image is decoded and uploaded into the fax-printer’s memory, allowing hackers to take over the device and spread the malicious code through the network.
- August 2018: Ricoh Says All MFPs Free of Fax-Hack Vulnerability