Your All-in-one Printer/Fax is a Security Exposure

The Chaos Computer Club Conference (I’m not sure which “C” they drop – but it is CCC) is Germany’s answer to DefCon and Black Hat. What The Fax?! Hacking your network likes it’s 1980 again. The conference is in Germany, but the presentation is in English.

This is a really interesting hack, if you are interested in that kind of thing. And if you have an HP inkjet printer with Fax capability you should update the firmware. And everyone should stop using Fax. (This is only the first vulnerability and only in HP. But more are sure to come.)

The current standards for Fax Machines were defined in 1980 by the ITU. (Mostly unchanged.) And so, of course, there are security vulnerabilities, that allow an attacker to take over a printer, turn around and use it to attack the network it is attached to.

Actually the admonition to stop using Fax… Most Japanese households use fax because of the nature of their “alphabet.” And the lack of support for anything like a typewriter. UK’s NHS is the largest purchaser of fax machines, but they are trying to phase them out, but given that every all-in-one-printer has a fax built in, I think that is a losing proposition.