
Faxsploit will target your grandpa!

source: https://www.tomsguide.com/us/hp-printer-fax-hacks-defcon26,news-27795.html

Last Sunday at Defcon 26, some researchers revealed you can hack fax machines now. And it's not just any old fax machine.

Most HP all-in-ones seem to be affected by it.

The fax protocol is pretty old already and hasn't really been changed. So almost every all-in-one which has ever been released will use the same implementation. But:

So by just having an all-in-one printer with faxing capabilities they can target you by your fax number and enter your network.
If you have an HP all-in-one please check this message to see if yours is affected:
https://support.hp.com/us-en/document/c06097712
And make sure you update the firmware. And please also check your grandparents because they are most likely to still use fax and not be able to update the firmware of their device.

"This attack works on any recent HP OfficeJet printer," Balmas said, which might be only a slight exaggeration. A security bulletin issued by HP earlier this month lists some 150 printer models, not just OfficeJets, that are affected by this flaw and need to have their firmware updated.

In July 2017, news broke of a remote-code-execution vulnerability in the SOAP protocol
[...]
Among other things, the researchers' HP all-in-one printer used SOAP.


But we were lucky because fax is pretty old, so the vulnerabilities in SOAP weren't that bad for us, as they explain here:


Using that flaw, the researchers were able to send a malicious fax that created a buffer overflow in a SOAP operation. The catch was that it required 2GB of data, which took about seven minutes of continuous transmission over the telephone lines.


But fax also supports color transmission. And while the black and white transmission uses the TIFF image format, the color transmission uses the JPEG format.
JPEG needs decompression and in this decompression they were able to implement the SOAP vulnerability too.

1 minute ago, Sauron said:

In other news, messenger pigeons could be vulnerable to cross site scripting!

And targeted aerial projectiles fired at great speeds.

 

And rocks.


5 minutes ago, Sauron said:

In other news, messenger pigeons could be vulnerable to cross site scripting!

If you implement RFC1149 well it shouldn't right?
 

4 minutes ago, JoeyDM said:

And targeted aerial projectiles fired at great speeds.

 

And rocks.

That's just considered package loss :).


RIP the entire Legal and Healthcare fields. Pretty much the only places that still use fax machines

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 


Just now, GoldenLag said:

We should stop being faxeted on this

Your dad puns are nothing but a faxade


3 hours ago, Levisallanon said:

If you implement RFC1149 well it shouldn't right?
 

That's just considered package loss :).

 

Absolutely killed me there:

Quote

Because IP only guarantees best effort delivery, loss of a carrier can be tolerated. With time, the carriers are self-regenerating.

 

 

If you want to reply back to me or someone else USE THE QUOTE BUTTON!                                                      
Pascal laptops guide


It's time we start accepting the fax. . .

I mean facts. . .

† 

In Flanders fields the poppies blow
Between the crosses, row on row,
    That mark our place; and in the sky
    The larks, still bravely singing, fly
Scarce heard amid the guns below.
 
We are the Dead. Short days ago
We lived, felt dawn, saw sunset glow,
    Loved and were loved, and now we lie,
        In Flanders fields.
 
Take up our quarrel with the foe:
To you from failing hands we throw
    The torch; be yours to hold it high.
    If ye break faith with us who die
We shall not sleep, though poppies grow
        In Flanders fields.

 

 

Cry havoc and let slip the Togs of war.  (Signature V3)

 

If you want me to reply, tag me @Tog Driver, Or quote me.

 

The grace of the Lord Jesus Christ, and the love of God, and the communion of the Holy Spirit be with you all.
II Corinthians 13:14


At the same point how many people even know how faxing works anymore? Let alone hack it. 

 

*yes I know it's popular, we still have 2,000 fax numbers*

4 hours ago, rcmaehl said:

RIP the entire Legal and Healthcare fields. Pretty much the only places that still use fax machines

Oh there is a bigger one that also loves their fax machines... 

 

... The US Government. 


6 hours ago, Sauron said:

In other news, messenger pigeons could be vulnerable to cross site scripting!

If you think about it, that old horror movie trope is basically just a DDOS attack!

i5 6600k and GTX 1070 but I play 1600-900. 1440p BABY!

Still, don't put too much faith in my buying decisions. xD 


2 hours ago, TechyBen said:

@TechyBen Wonders if he should open his new one... it has been sitting there in the box, glaring at him for days.

lol mine is a few years old.

Pixma MX452 *cough* @Dan Castellaneta ;)

a Moo Floof connoisseur and curator.

:x@handymanshandle x @pinksnowbirdie || Jake x Brendan :x
Youtube Audio Normalization
 

 

 


7 hours ago, rcmaehl said:

RIP the entire Legal and Healthcare fields.

No joke, lots of sensitive information goes via fax.

 

Can old faxes (sent or received) stored in memory be stolen?

 

If so, my wife's office will need a stand-alone non-networked fax.

System specs:

4790k

GTX 1050

16GB DDR3

Samsung evo SSD

a few HDD's


10 hours ago, Terryv said:

No joke, lots of sensitive information goes via fax.

They should really consider if this is safe at all because fax is unencrypted in the first place. A wire tap would show the contents of the fax.

10 hours ago, Terryv said:

Can old faxes (sent or received) stored in memory be stolen?

In theory the first approach they showed could be used, but you might notice it because the fax would be receiving for almost 30 minutes. But if the fax is also on outside business hours they might be able to access it. If it indeed stores older messages in the memory they would be able to extract that.

10 hours ago, Terryv said:

If so, my wife's office will need a stand-alone non-networked fax.

A fax needs to be on the phone line to receive messages and they access it by the fax protocol itself, so it would still be vulnerable. You need to have a fax with updated firmware to prevent this attack.

  • 5 weeks later...
3 hours ago, Levisallanon said:

For people who want to know more about it. The talk is now live!

Necromancy is illegal in most countries.


9 minutes ago, rcmaehl said:

Necromancy is illegal in most countries.

Asking for a friend: in which country/countries is it allowed then?

But the talk is really worth it to watch if you are into hacking etc. That's why I added it to the topic. They go over the whole process of how they found it and give a live demo at the end.

3 hours ago, Levisallanon said:

But the talk is really worth it to watch if you are into hacking etc. That's why I added it to the topic. They go over the whole process of how they found it and give a live demo at the end.

It probably is. IMO the forums need a Cyber Security section but I can already predict it'd be full of "how do hack the facebooks?" threads
