Recent Fax Exploit Discovered on HP Multi-Function Devices
If you’re reading this, you’ve likely seen the headlines of the recent fax exploit where a research group successfully compromised an HP Multi-Function fax machine using nothing more than a telephone line. While their research was undoubtedly eye-opening, similar headlines and statements claiming that the “T.30 protocol itself has been compromised” are categorically false; a bit of drama designed to make headlines.
More specifically, the researches were clearly able to demonstrate the exploit by exposing a weakness/flaw in software developed internally at HP, rendering it vulnerable when handling color/JPEG faxes. If you own HP equipment in your organization, please be sure to apply security patches available from HP immediately to avoid these HP fax vulnerabilities.
This type of attack is a reminder that much of today’s office equipment attached to our networks are indeed computing devices, capable of causing potential harm and disruption to your business if not managed properly. Whether it’s a networked thermostat, printer device or music player in our home, both businesses and individual users of such products should always be mindful of security issues and updates whenever possible.
As for etherFAX, rest assured that your devices and connected systems are completely safe within our network. The etherFAX network and systems are not vulnerable to such an attack of this nature and further isolates our customers from such nefarious activity. It’s just one more reason why using etherFAX is a wise choice.
If you are interested to read further on the research and the NIST detail analysis on this subject, you may refer to these additional resources:
CVE-2018-5924 Detail: https://nvd.nist.gov/vuln/detail/CVE-2018-5924
CVE-2018-5925 Detail: https://nvd.nist.gov/vuln/detail/CVE-2018-5925
Center Point Research: https://research.checkpoint.com
Please contact us if you have any questions or concerns.