Networked Fax Vulnerabilities

[thatch]

This maybe a really dumb question but does anyone know if there are any vulnerabilities of a fax machine that is also connected to the network?

[brokencrow]

...google it.

[thatch]

Have done, and although i can see various vulnerabilitis with certain models of desk based faxes or fax software thats listed on secunia, i cant find a site that tells me if it's possible to get networked access from dialing into a fax machine that has a network a network.

Cheers for the advice though.

[mohaughn]

Well that question is a bit more specific. And again, it really depends on the device. If it is purely a fax machine and strictly follows the standards dictated for fax devices, ITU-T t.2, t.30, and t.4, it will not have the capability for an interactive session.

Meaning that the two fax machines connect, they do their handshake to determine what compression and modulation the signal will use, and then the sending fax machine starts sending the compressed image. The only thing the receiving machine sends back is acks on the data, and a final ack before disconnecting. You would not be able to send a command to the fax machine and then expect it to send something other than an ack back to you.

Now having said that there are many all in one devices, or modems that also function as fax machines. And vendors have been known to expand the capabilities of devices beyond what they were originally intended for.

I've been supporting digital fax solutions for a few years and I've never heard of any way to do what you are asking. If anything the only way I have seen network printer or fax machine exploited is by finding a problem in the TCP/IP implementation or an issue with the built in "server" functions such as the print spooler, fax conversion, etc..

[thatch]

Thats great. Thanks.

[jockey0109]

I too agree with mohaughn but may I tell you one simple thing? It was some 2 years back when I was trying to know how windows XP could be used as a FAX machine and gooling it through.....i accidently happend to open up the configuration of a XEROX Fax which was infact a MFD. Since a lotof things have changed in GOOGLE since then and I dont exctly rmember what I did....coz I was completekly newbie then! All I knew was that to seach something we use google...I didnt have the idea of what a KEYWORD is...so I can tell you how it happened...But I think that if the device is an MFD, something can be done about it coz they do a Lot in trasfering data than the simple devices.

I think that if someone gets able to change or infect the driver of the MFD to which the machine is connected to, One can gain access to all the data passing though it in both directions.