Fax Exploit Discovered on HP Fax Machines – Faxploit
HP fax machines were discovered to have a dangerous weakness, we call this the Faxploit or Fax Exploit. The fax exploit discovered on HP fax machines is specific to HP fax devices only. A well known security research group did successfully compromised an HP Multi-Function fax machine by taking it apart and reverse engineering certain HP specific code. While their research was undoubtedly eye-opening, similar headlines and statements claiming that the “T.30 protocol itself has been compromised” are categorically false; a bit of drama designed to make headlines.
More specifically, the researches were able to demonstrate the Faxploit by exposing a flaw in software developed internally at HP, rendering it vulnerable when handling color/JPEG faxes. If you own HP equipment in your organization, please be sure to apply security patches available from HP immediately.
This type of attack is a reminder that much of today’s office equipment attached to our networks are computing devices, capable of causing potential harm and disruption to your business if not managed properly. Whether it’s a networked thermostat, printer device or music player in our home, both businesses and individual users of such products should always be mindful of security issues and updates whenever possible.
As for etherFAX, rest assured that your connected systems are completely safe within the etherFAX Network. The etherFAX network and systems are not vulnerable to such an attack of this nature and further isolates our customers from such nefarious activity. It’s just one more reason why using etherFAX is a wise choice.
Dialogic has made an official statement about this misleading research as well. You can read their response here: http://blog.dialogic.com/blog/fax-and-the-recent-scare-about-security
If you are interested to read further on the research and the NIST detail analysis on this subject, you may refer to these additional resources:
CVE-2018-5924 Detail: https://nvd.nist.gov/vuln/detail/CVE-2018-5924
CVE-2018-5925 Detail: https://nvd.nist.gov/vuln/detail/CVE-2018-5925
Center Point Research: https://research.checkpoint.com
Please contact us if you have any questions or concerns.