Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II
‎08-13-2018 02:42 PM
‎08-13-2018 02:42 PM

Fax attack!

When I was doing virus research we were forever getting reports of malware hidden in graphics files.  Aside from the fact that it is trivially easy to embed anything in a Microsoft OLE format file, we generally found that such reports were unfounded: it's just not that easy to put malware into graphics.  (Not impossible, mind, just not that easy.)

 

(After a while we tended to file such reports along with hoax viruses and metaviruses.)

 

And, lots of people have had questions about faxes over time.

 

Turns out that a combination of poor fax protocols (made at a time when fax machines had no other functions) plus the implementation of fax into machines that are computerized mean that you can now craft malicious fax transmissions that will compromise a fax machine.  And, possibly, the network to which it is connected.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
0 Kudos
3 Replies
DAlexander
Newcomer III
‎08-13-2018 10:17 PM
‎08-13-2018 10:17 PM

Reminds me of a proof of concept I read once where copy machines were exploited through a poorly secured process that was designed to send maintenance and supply information to the vendor.  The technical details were interesting but I found the scenario business case interesting as well.

 

Company X and Company Y are in competition for a lucrative contract.  Both have proposals to the potential customer in the near future.  Y exploits the vulnerability in X's copy machine weeks prior to the proposal and programs it to secretly forward digital copies of whatever is scanned by X's machine to Y's proposal development team as valuable intelligence.  Then, to further sabotage their victim, Y inserts code to cause X's machine to overheat, begin smoking, and set off the fire sprinklers thereby causing X to miss their proposal.

Reply
0 Kudos
Caute_cautim
Community Champion
‎08-14-2018 03:12 AM
‎08-14-2018 03:12 AM

It is very relevant subject indeed:

 

https://faxauthority.com/glossary/black-fax/

 

https://www.theinquirer.net/inquirer/news/3061034/fax-machine-flaw-leaves-tens-of-millions-of-device...

 

https://www.computerweekly.com/news/252446742/Millions-of-businesses-vulnerable-to-fax-based-cyber-a...

 

https://www.bbc.com/news/technology-45083774

 

A very interesting subject, has it been proven in the field or it just a Black Hat conference item?

 

Regareds

 

Caute_cautim

 

 

 

Reply
0 Kudos
Caute_cautim
Community Champion
‎08-16-2018 04:59 PM
‎08-16-2018 04:59 PM

Additional information:

 

https://blog.checkpoint.com/2018/08/12/faxploit-hp-printer-fax-exploit/?utm_source=newsletter&utm_me...

 

Interesting read, a bit like Bruce Schneier's law: 

 

"The term Schneier's law was coined by Cory Doctorow in a 2004 speech.  The law is phrased as:
Any person can invent a security system so clever that he or she can't imagine a way of breaking it. "

 

Caute_cautim

Reply
0 Kudos