New Exploit “Faxploit” affects HP OfficeJet All-in-One Printers

Security researchers have recently demonstrated at the security conference DEF CON 2018 a vulnerability that can be exploited via HP OfficeJet All-in-One Printers.  It is being dubbed “Faxploit” by the researchers, Eyal Itkin and Yaniv Balmas.  The attack takes advantage of security flaws in the implementation of the fax protocol used by OfficeJet printers, making many businesses susceptible to the attacks.

The researchers have stated that for this particular exploit, all the attackers need is a fax number to exploit the vulnerability, which they can then hijack the network and all systems connected to it.  They then can infect the network with their malware or even worse, outright steal your business’ important data.  Researchers have said that the impact of this exploit is not a small one as it is surveyed that businesses have actually increased their fax usage by almost 82% in 2017, so even with many new technologies, fax is still one of the most used ways to move documents.

Faxploit is yet another example where unsecured devices that businesses use on a daily basis can result into vulnerabilities in their network that many cyber criminals can use to steal data or hold them ransom.  Especially now that the Internet-of-things (IoT) ready devices are getting more and more mainstream, attackers are finding more ways to hit businesses where they are at least protected since this is more or less still in the beginning phases.   These threats can stay longer in the system due to the device’s inability to protect itself, making attacks stealthier and more destructive to the organizations network.

However, HP has released patches for the vulnerabilities (CVE-2018-5924 and CVE-2018-5925) and users are recommended to apply the firmware updates to make sure they will not be affected.

For those who are interested in a more proactive approach for these types of attacks, Trend Micro’s managed detection and response service allows customers to investigate security alerts without the need to hire qualified incident response staff. It provides alert monitoring, alert prioritization, investigation, and threat hunting services to Trend Micro customers. By applying artificial intelligence models to customer endpoint data, network data, and server information, the service can correlate and prioritize advanced threats. Trend Micro threat researchers can determine the extent and spread of the attack and work with the customer to provide a detailed remediation plan.

To learn more about “Faxploit” you may read Trend’s original article here, or you may contact us at 893-9515 and we will be happy to answer your inquiries!