Beware of Old Fax Machines and All-in-One Printers

Telephone lines serve as a gateway for hackers: unlike data lines, they are not protected by special protection mechanisms. Here are some tips from the VDE Institute.

Old fax machines and all-in-one printers with integrated fax function pose a potential risk of cyber attacks. If a hacker sends faxes with malicious code, for example disguised as an image file, to an all-in-one printer with fax function, the code takes the machine "out of time" and provokes a memory overflow. This allows the attached malware to run and allow criminals unhindered access to the entire network.

"Many all-in-one printers also have a fax function," explains Alexander Matheus, Senior Expert in the field of smart technologies at the VDE Institute. "The malicious thing about these attacks is that the "receiving" of the malicious fax is not necessarily visible on the machine. Warning tones are not emitted either." This type of attack is applicable to many fax machines because the telephone lines, unlike the other data lines, are not protected or monitored by special protection mechanisms.

 The VDE Institute therefore recommends deactivating unused fax machines or the fax function for all-in-one devices. To do this, simply disconnect the telephone connection. If it is not possible to disconnect the fax machine from the rest of the network, users should wait for updates from the manufacturer and then install them quickly.

"The example of fax machines clearly shows that companies, organizations, and authorities, but also consumers, must constantly consider and evaluate all possible communication channels," says the VDE expert. "Companies and authorities must develop a security concept that they must regularly review and revise because the attack scenarios are constantly changing. Outdated devices and used communication protocols must also be evaluated again and again to see whether they still meet the requirements".