> Using the HP Officejet Pro 6830 all-in-one printer as a test case, we were able to demonstrate the security risk that lies in a modern implementation of the fax protocol. Using nothing but a phone line, we were able to send a fax that could take full control over the printer, and later spread our payload inside the computer network accessible to the printer.
We believe that this security risk should be given special attention by the community, changing the way that modern network architectures treat network printers and fax machines. From now on, a fax machine should be treated as a possible infiltration vector into the corporate network.
This is a great piece of research and a beautiful write up which is extremely accessible to anyone interested in how these attacks are developed.
The twist at the end, of bundling NSA exploits for complete network takeover all starting from a faxed JPEG file with a malformed header, is icing on the cake.
We believe that this security risk should be given special attention by the community, changing the way that modern network architectures treat network printers and fax machines. From now on, a fax machine should be treated as a possible infiltration vector into the corporate network.
This is a great piece of research and a beautiful write up which is extremely accessible to anyone interested in how these attacks are developed.
The twist at the end, of bundling NSA exploits for complete network takeover all starting from a faxed JPEG file with a malformed header, is icing on the cake.