OfficeJet all-in-one printers can be hacked by a fax




     Hackers can send a fax to HP OfficeJet all-in-one printers to gain access to your network. By taking advantage of HP's implementation of a commonly used fax protocol, they can cause a static buffer overflow that could allow code to be executed remotely. The vulnerabilities were released in the National Institute of Standards and Technology's (NIST) bulletin as CVE-2018-5925 and CVE-2018-5924. Yaniv Balmas, team lead for malware research at Check Point, was able to take control of the OfficeJet all-in-one printer just by sending an encoded fax. Once the team gained complete access to the fax machine, they were able to utilize EternalBlue to gain access to the network.

     Even though the number of fax machine users has been declining over the years, many companies, including hospitals, banks, and legal companies, still depend on them for signature requirements. There are 46 million fax machines still in use worldwide today. This can allow hackers to gain very sensitive information from the breached networks.




     The security vulnerability is due to support for the Group 3 (G3) fax protocols, which are part of the ITU T.30 standard for sending and receiving color faxes. This protocol defines the basic capabilities required from the sender and the receiver, while also defining the different phases of the protocol. The fax vulnerability is exploited during the receiving handshake. According to Check Point's research team, they were able to trigger the stack buffer overflow by sending a 2GB XML to the printer over TCP port 53048. The team noticed that color faxes are stored as .jpg instead of the normal .tiff format. This is relevant because .tiff files send metadata in the header, which the receiver examines for data continuity and sanitation, while .jpg files are not examined in this way. When a fax machine receives a color fax, it simply stores the entire contents of the file without any sanitation checks. When the color fax data is received, OfficeJet printers use a custom JPEG parser to interpret the fax data instead of using the usual libjpeg parser.
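     The kind of sanitation check described above as missing, shown as an added example in C. It is not HP's firmware code or Check Point's research code; the function name check_jpeg, the 256-byte buffer size and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SEG_BUF_SIZE 256                 /* assumed size of a fixed segment buffer */
static uint8_t seg_buf[SEG_BUF_SIZE];

enum jpeg_check { JPEG_OK, JPEG_BAD_SOI, JPEG_BAD_MARKER,
                  JPEG_BAD_LENGTH, JPEG_TRUNCATED, JPEG_TOO_BIG };

/* Walk the marker segments from SOI up to SOS or EOI. Each declared length is
 * checked against the bytes actually received and against the fixed buffer
 * before anything is copied. Simplified: fill bytes and markers that carry no
 * length field are rejected in the header area rather than skipped. */
enum jpeg_check check_jpeg(const uint8_t *data, size_t len)
{
    size_t pos = 2;

    if (len < 4 || data[0] != 0xFF || data[1] != 0xD8) return JPEG_BAD_SOI;
    while (len - pos >= 2) {
        if (data[pos] != 0xFF) return JPEG_BAD_MARKER;
        uint8_t marker = data[pos + 1];
        pos += 2;
        if (marker == 0xD9) return JPEG_OK;               /* EOI: end of image */
        if (marker < 0xC0 || (marker >= 0xD0 && marker <= 0xD8) || marker == 0xFF)
            return JPEG_BAD_MARKER;                       /* no length field */
        if (len - pos < 2) return JPEG_TRUNCATED;
        size_t seg_len = ((size_t)data[pos] << 8) | data[pos + 1];
        if (seg_len < 2) return JPEG_BAD_LENGTH;          /* counts its own 2 bytes */
        if (seg_len > len - pos) return JPEG_TRUNCATED;   /* claims more than received */
        if (seg_len - 2 > sizeof seg_buf) return JPEG_TOO_BIG;  /* would overflow */
        memcpy(seg_buf, data + pos + 2, seg_len - 2);
        if (marker == 0xDA) return JPEG_OK;               /* SOS: image data follows */
        pos += seg_len;
    }
    return JPEG_TRUNCATED;
}

/* Constructed sample inputs, not captured fax data. */
static const uint8_t sample_ok[]  = {0xFF,0xD8, 0xFF,0xE0,0x00,0x04,'A','B', 0xFF,0xD9};
static const uint8_t sample_lie[] = {0xFF,0xD8, 0xFF,0xE0,0x00,0x40,'A'};
static const uint8_t sample_big[310] = {0xFF,0xD8, 0xFF,0xE0,0x01,0x30};

int main(void)
{
    return !(check_jpeg(sample_ok, sizeof sample_ok) == JPEG_OK &&
             check_jpeg(sample_lie, sizeof sample_lie) == JPEG_TRUNCATED &&
             check_jpeg(sample_big, sizeof sample_big) == JPEG_TOO_BIG);
}
```

     The second sample declares a segment longer than the data received, and the third declares one that is fully present but larger than the fixed buffer; both are rejected before the copy.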

     To help protect yourself against the attack, update your all-in-one to the latest firmware and keep up to date with security patches for your workstations and other network-connected devices. HP has released patches for both vulnerabilities and information can be found here.