Casa > cibernético Notícias > Faxploit: Máquinas-Enabled fax facilmente Hacked Usando um número de fax
CYBER NEWS

Faxploit: Máquinas-Enabled fax facilmente Hacked Usando um número de fax

A new hack attack endangering all-in-one printer-fax machines was revealed by Check Point researchers during this year’s DEF CON. o hack, smartly dubbed Faxploit, was tested on HP machines but similar attacks could apply to other vendors and fax-enabled products as well, os pesquisadores alertam. To carry out a successful exploit, attackers only need a fax number.




Faxploit Explained

In a ground breaking new discovery, dubbed ‘Faxploit’, Check Point researchers illustrate how organizations of all sizes, as well as consumers, could be exposed to infiltration by hackers looking to exploit vulnerabilities in fax machine communication protocols.

The only piece of information required to build and carry out this attack is the organization’s fax number – information which in most cases is publicly available on any employee’s business card or company website, disseram os pesquisadores em seu relatório.

Using only a fax number, the researchers were able to penetrate to an entire IT network using vulnerabilities inherent in the fax protocol. This is an entirely “new attack vector in the fifth generation of the cyber threat landscape from which cyber criminals could launch an offensive, targeting industries that hold even the most protected data”.

Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution.

All Fax Machines from All Vendors at Risk

Even though this research was focused specifically on all-in-one printer fax machines, a bigger range of devices is at risk because the same communications protocols apply to all fax machines from all vendors. This means that the very same security flaws likely reside in these other devices, também. That’s not where it ends, Apesar, since popular online fax services such as fax2email also run on the same protocol.

Story relacionado: One-of-a-Kind HP Bug Printer recompensa para melhorar a segurança de rede

Printer-Fax Machines Exposing Entire Networks

By having a look at the basic network layout of a corporation, it becomes evident how exploitation of a printer-fax device could lead to a conquest of the rest of the IT network, os pesquisadores notaram, acrescentando que:

De fato, infelizmente, most organizations set up their IT infrastructure based on business and operational needs rather than security considerations and requirements.

It should also be noted that the Faxploit attack is possible even in networks that are completely disconnected from the Internet, due to the leveraging of telephone lines rather than the internet itself to carry out the attack.

HP all-in-one printer fax machines that were used in the research are no longer vulnerable, as the close cooperation with the company ensured a patch for the vulnerability.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...