Researchers at Israeli IT security company Check Point Software Technologies have identified a major vulnerability in fax machines that could allow hackers to tap into a company's network and steal sensitive files, CNBC reports.
Standalone fax machines are no longer used by many companies, however, fax functions are still common features in all-in-one printers, and fax remains a popular way for healthcare organizations to share sensitive patient data.
In a Check Point report published Aug. 12, a team of researchers was able to exploit security flaws in a Hewlett Packard all-in-one printer to fax it lines of malicious code disguised as an image file. After the file was decoded and stored in the printer's memory, the researchers were able break into the computer network that the printer was connected to.
Although HP fixed the vulnerability before Check Point released its report, other non-HP branded all-in-one printers could still have similar security flaws.
Faxing is done over a phone line, which creates a "new attack vector," the Check Point researchers told CNBC. To mitigate this risk, the researchers recommend companies segment their computer network into sub-networks, which would allow them to store sensitive data on a network that's not connected to a printer or fax machine.