The Trojan Fax

Publish date:

The fax machine is ancient history. Or so you thought. According to recent studies, there are still 45 million fax machines hooked up globally. And there’s a good probability that you and your business are among the 300 million people with fax numbers.

Which means: Your fax can be hacked.

As reported at Fortune‘s Brainstorm Tech Conference last month, a so-called “Cyber 9/11” could impact American infrastructure like air traffic, power grids, etc. On a smaller but just as critical scale for boat dealers, vulnerabilities via fax numbers could allow hackers to not only steal money from accounts but access a lot more data.

Stay with me. Just because the old, standalone fax machine is no longer around doesn’t make you immune from hacking. That ancient fax has likely been replaced by a popular all-in-one printer connected to a WiFi network and PSTN (regular phone line). It’s the basic service most people have at home and, most likely, in your boat dealership.

Unfortunately, a savvy remote attacker can simply send a specially crafted image file via fax to exploit your printer’s vulnerabilities and literally seize control of your business or home network. According to Check Point Research, a leading cyber threat intelligence provider, the hacker can then access every file in your network. Even information held by others, like your trading accounts or other financial records, could be stolen.

These days, most efforts to keep information safe focus on areas where the most sensitive data is kept, like dealership customer info or financial data. While that makes sense, it also means you’re probably doing nothing about low-tech machines like the all-in-one-printer. That leaves a back door open for hackers to access the same information.

They just dial your fax number, send a few lines of malicious code as an image and voila, they’ve hacked your most sensitive data.

Most dealerships have all-in-one printers with fax function, but with the dominance of email, fax technology is rarely used. That is where Check Point’s personnel were able to exploit vulnerabilities of most offices. No one was checking incoming faxes. Therefore, nobody caught the malicious file.

As the administrator for the Centers for Medicare and Medicaid Services (CMS), Seema Verma oversees one of the largest federal agencies administering vital healthcare programs to over 100 million Americans. Verma recently called for digital health information to replace fax machines in physician’s offices for sending out confidential patient information.

Specifically, Verma said Medicare beneficiaries need to connect their claims data to consumer-friendly applications, services and research programs they can trust. “If I could challenge software developers with a mission, it’s to help make doctors’ offices fax-free zones by 2020,” Verma said.

There’s no doubt cybersecurity is a pressing issue these days, from Russian meddling in elections to that easy-to-remember email password we haven’t changed for years. HP reportedly fixed the vulnerability in the all-in-one printer that Check Point’s researchers tested. But what about all the other brands that aren’t immune to the threat?

Remember, a hacker only needs a fax number to launch a malicious attack that will exploit a flaw in the printer. To make sure it doesn’t happen to your business, I’d recommend you talk with your IT people today. 


NMMA Confirms Industry Growth

NMMA president Frank Hugelmeyer said the boating business grew 12 percent last year during yesterday’s virtual State of the Boating Industry address.

Newport Show Dates Announced

Organizers are planning for an in-person Golden Anniversary edition of the show Sept. 16-19.

Quick Hits: March 5, 2021

The National Association of Manufacturers names Brunswick Corp. CFO Ryan Gwillim to its Board of Directors.

Caught Red-Handed

Two commercial fishermen were jailed for possessing an illegal haul that included 100 undersized lobster tails, which is a felony. Also, fisheries management gets new funding.

Bennington Expands Operations

The pontoon builder plans to add jobs at its new facility in Elkhart County, Ind., and increase manufacturing output.

KVH Industries Names CFO

Longtime telecom financial executive Roger A. Kuebel assumes the position that COO Brent Bruun had held in an interim capacity.