Warning from the VDE
Security risk with old fax machines
Due to its connection to the company network, the fax machine has become a security risk in companies: According to the VDE, telephone lines serve as a gateway for hackers. Unlike data lines, they are not protected by special security mechanisms.
If a hacker sends faxes with malicious code - disguised as an image file, for example - to a fax machine or an all-in-one printer with a fax function, the code causes the machine to "lose its rhythm": A memory overflow is provoked. This allows the attached malware to be executed and gives criminals unhindered access to the entire network. "Faxes are still often sent, especially in the healthcare sector and in public authorities. Many all-in-one printers also have a fax function," says Alexander Matheus, SenioR Expert in the field of smart technologies at VDE. The tricky thing about the attacks is that the "receipt" of the malicious fax is not necessarily recognizable on the device - "Even warning tones are not emitted," says Matheus. This type of attack is applicable to many fax machines, as the telephone lines, unlike the other data lines, are not protected or monitored by special protective mechanisms.
Recommendation of the VDE
The VDE Institute recommends deactivating fax machines that are not in use or the fax function on all-in-one devices. All you have to do is disconnect the telephone connection. If it is not possible to disconnect the fax machine from the rest of the network, users should definitely wait for updates from the manufacturer and then install them quickly. "The example of fax machines clearly shows that companies, organizations and authorities, but also consumers, must constantly consider and evaluate all possible communication channels. Companies and authorities must draw up a security concept that they must regularly review and revise, as the attack scenarios are constantly changing. Outdated devices and communication protocols used must also be constantly evaluated to see whether they still meet the requirements," explains Matheus.
You might also be interested in
Security gaps in tracking apps
Millions of user data hijacked
Tracking apps that parents can use to monitor the whereabouts of their children, for example, have consistent security gaps. They are so big that a hacker can easily create movement profiles of thousands of people.
read more...Cyber security / SSL certificates
Chrome warns of http websites
Website operators who still maintain an http site may be surprised these days that suddenly far fewer visitors are finding their way to them. One reason could be the final phase of Google's ambitious plan to make the internet more secure.
read more...One third of industrial companies with a security incident
According to a recent Kaspersky study, which surveyed 320 cybersecurity managers responsible for industrial control systems worldwide in April/May 2018, 31% of companies had experienced at least one cybersecurity incident in the past year.
read more...No accidental changes to files
CodeMeter 6.80 from Wibu-Systems supports Universal Write Filter (UWF), a Windows option from Microsoft that prevents accidental changes to files, which is particularly important for embedded systems.
read more...Security through network segments
The Microwall Gigabit from Wiesemann & Theis is the first in a series of easy-to-use security products for industry and manufacturing.
read more...Mushroom is the victim of a targeted hacker attack
The automation technology provider Pilz from Ostfildern was the victim of a targeted cyber attack on Sunday, October 13. All server and PC workstations worldwide, including the company's communication network, were affected.
read more...Four out of ten ICS computers are under threat
Kaspersky's latest report on cyber threats for the first half of 2019 shows that 41.2% of ICS (Industrial Control System) computers were exposed to an attack. The energy sector is most frequently affected - including by generic malware.
read more...Kaspersky warns of "ticking time bomb"
More than a third of small companies and more than half of large companies are still using the 'Windows 7' operating system, support for which will expire in five months' time.
read more...Body reaction as a password
Forgot your password? The Paluno Software Technology Institute at the University of Duisburg-Essen (UDE) is researching a new approach that combines biometrics and password protection.
read more...