cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Champion

Fax attack!

When I was doing virus research we were forever getting reports of malware hidden in graphics files.  Aside from the fact that it is trivially easy to embed anything in a Microsoft OLE format file, we generally found that such reports were unfounded: it's just not that easy to put malware into graphics.  (Not impossible, mind, just not that easy.)

 

(After a while we tended to file such reports along with hoax viruses and metaviruses.)

 

And, lots of people have had questions about faxes over time.

 

Turns out that a combination of poor fax protocols (made at a time when fax machines had no other functions) plus the implementation of fax into machines that are computerized mean that you can now craft malicious fax transmissions that will compromise a fax machine.  And, possibly, the network to which it is connected.


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
3 Replies
Newcomer III

Re: Fax attack!

Reminds me of a proof of concept I read once where copy machines were exploited through a poorly secured process that was designed to send maintenance and supply information to the vendor.  The technical details were interesting but I found the scenario business case interesting as well.

 

Company X and Company Y are in competition for a lucrative contract.  Both have proposals to the potential customer in the near future.  Y exploits the vulnerability in X's copy machine weeks prior to the proposal and programs it to secretly forward digital copies of whatever is scanned by X's machine to Y's proposal development team as valuable intelligence.  Then, to further sabotage their victim, Y inserts code to cause X's machine to overheat, begin smoking, and set off the fire sprinklers thereby causing X to miss their proposal.

Community Champion

Re: Fax attack!

Community Champion

Re: Fax attack!

Additional information:

 

https://blog.checkpoint.com/2018/08/12/faxploit-hp-printer-fax-exploit/?utm_source=newsletter&utm_me...

 

Interesting read, a bit like Bruce Schneier's law: 

 

"The term Schneier's law was coined by Cory Doctorow in a 2004 speech.  The law is phrased as:
Any person can invent a security system so clever that he or she can't imagine a way of breaking it. "

 

Caute_cautim