Cyber security for fax machines
agsandrew -

The VDE Institute warns about legacy fax machines

The issue of cyber security is ubiquitous in the age of digitalization, Industry 4.0 and the internet of things (or IOT for short). There are regular reports about the latest cyberattacks on companies, government bodies and private individuals. Unprotected networks and their connected devices serve as a gateway for hackers. The fact that even legacy and unused fax machines pose a potential risk, however, is something that is unclear to many people.


Dr. Siegfried Pongratz

Despite their greatly obsolete communications technology, fax machines can still be found in many offices today. Particularly, people still prefer to send faxes in the healthcare industry and in government. Even many all-in-one printers have fax functionality. The surprising ubiquity of devices with fax functionality has encouraged researchers from Check Point Research to study their information security. To that end, researches sent faxes with malicious code–disguised as an image file–to all-in-one printers with fax functionality.

The trick is that this code throws the fax machine "out of whack" and causes a buffer overflow; as a result, the loaded malware can be executed, therefore giving researchers unfettered access to the entire network. The device does not necessarily give people clues as to when these faxes are "received". There are no warning tones either.

The scary revelation: This type of attack can also be used on a great deal of fax machines, since telephone lines, unlike the other data lines, are not protected or monitored by special protection mechanisms.

"This example clearly shows that all possible communication methods must be accounted for and assessed in a security concept. This security concept must be periodically reviewed and–if necessary–revised, since there are always new findings and attack scenarios. Legacy systems (devices and utilized communications protocols) must likewise be continuously checked to determine if they still meet standards", explains Alexander Matheus, Senior Expert of Smart Technologies at the VDE Institute.

As such, the VDE Institute recommends deactivating unused fax machines or the fax function in all-in-one devices. To do so, only the telephone connection needs to be disconnected. If the fax machine cannot be disconnected from the rest of the network, you should by all means wait for updates from the manufacturer and quickly install them.

The VDE Institute tests the information security of your systems and devices

Data protection is very important at VDE
Glebstock /
2022-08-30 Testing + Certification

Cyber security is an urgent problem on many levels. Unprotected systems and connected devices can make entire networks vulnerable to attackers from the outside. Personal and sensitive data in particular must be protected. The VDE Institute offers all relevant tests related to information security. By doing what hackers do, we find the weak points and potential attack points on your system or products. Data protection testing and functional security are also included in our tests.

Read more

Current Information about the VDE Institute