The Israeli company Check Point Software is currently warning of a security gap in fax-capable multifunction devices that can be misused as a gateway to the company network.
How do faxploit attacks work?
The Check Point researchers demonstrated their attack on an HP “OfficeJet Pro 6830”, which was connected to the telephone network via an analogue fax line. During the reverse engineering of the device software, they came across an insecure software library. They were able to “overflow” this by means of a manipulated fax using a classic hacker technique, and then store and execute two NSA tools for attacks on company networks on the device.
No security gap with Retarus
If you send and receive faxes via Retarus, you can continue to do so calmly. Multifunction devices connected to our fax infrastructure do not require a fax card or an analog line (this is one of the things that make Retarus Cloud Fax so attractive). Reverse engineering of our software-based fax solution is also virtually impossible because the infrastructure is not publicly accessible. Last, but not least: when receiving faxes, we generate the headers (markers) for both TIFF and JPEG ourselves. A hidden payload would be deleted and not processed at all, so we can rule out a faxploit attack for fax reception via Retarus..
Faxploit is therefore no reason to worry – but one more for secure and sustainable faxing via Retarus Cloud Fax.