Cybersecurity Blog

Cybersecurity researchers from across Georgia Tech and the Georgia Tech Research Institute share their thoughts about emerging threats, trends, and technologies in the constant fight to secure data and information systems. Read what's capturing their attention and new insights they offer about cybersecurity topics in the news.

Blog entires are aggregated monthly into the Source Port newsletter, with additional research and updates from Georgia Tech. Source Port is published on the first business day of the month.

 


Fax-Printer Combo Machines Leave Networks Vulnerable
 

August 24, 2018  |  By Joel Odom

Check Point Research demonstrated that combination fax-scanner-printer machines allow an attacker to use the listening telephone line connected to a fax feature to attack networks to which these machines are connected. The vulnerability, named "Faxploit," allows an attacker to embed malicious software in a specially-crafted fax. The malware executes on the victim's fax machine, allowing the attacker to use the fax to pivot to the network to which it is connected. Check Point demonstrated the power of the vulnerability by using a fax machine to take full control of computers on the same network as the all-in-one machine by having the fax utilize the Eternal Blue exploit.

 

IISP Analyst Joel Odom: "I don't know why it took so long for someone to come up with the idea of doing a vulnerability check of this attack vector. After all, modern fax machines are just computers that listen for incoming data over a phone line.  When the machines take a call and receive data, they must parse a complex protocol with plenty of attack surface. As Check Point puts it, 'from an attacker’s point of view this is a jackpot, as finding a vulnerability in a complex file format parser looks very promising.'

In the cybersecurity world we often hear the mantra, 'complexity is the enemy of security.'  I like to restate this as 'clever ideas are the enemy of security.' The fax protocol, with its ability to embed different image file formats, is a clever protocol.  The idea of creating an all-in-one machine that can print, fax and scan is a clever idea. When these clever ideas appeared on the scene in the 1990's and 2000's, cybersecurity was much less on the mind of engineers than it is now, so I imagine that little thought was given to the attack surface these machines presented. For years they have sat in office mail or print/copy rooms, occasionally used but largely forgotten. How many other clever ideas from years past lie dormant, waiting for attackers to use them in surprising attacks? How many new clever ideas are engineers implementing today that open unexpected vectors for attack?"

 

Past Posts


Prevalence of DNS Interception by Autonomous Systems
August 22, 2018

Lack of LTE Data Integrity Allows Attackers to Control Mobile Connections
July 30, 2018

Always-On Tech Will Chill Democracy Without Cyber Trust
June 28, 2018

Carpenter vs U.S. Gives New Privacy Coverage for Locational Data
June 26, 2018

Supreme Court Moves to Tax Online Sales
June 25, 2018

When EU Copyright Laws Lean 'Copywrong'
June 25, 2018

Microsoft Document Provides Insight into Tech Giant's Philosophy for Addressing Vulnerabilities
June 22, 2018

New Malware 'VPNFilter' Takes Advantage of Three Convenient Truths
May 30, 2018

A Top Cyber Post Goes Vacant
May 30, 2018

Georgia Vetoes Hacking Bill... For Now
May 29, 2018

About the Analysts

​Farzaneh Badiei is a research associate at the School of Public Policy and executive director of Internet Governance Project (IGP) who research interests include online private justice systems, Internet governance and accountability, online intermediaries and dispute resolution, as well as cybersecurity and digital trade. After earning her Ph.D. from the University of Hamburg, Institute of Law and Economics, she worked at the United Nations' Internet Governance Forum Secretariat and chaired the Noncommercial Users Constituency at ICANN.

 

 

Holly Dragoo is a research associate with the Advanced Concepts Laboratory (ACL) at the Georgia Tech Research Institute. Her previous work with the U.S. Department of Defense and Federal Bureau of Investigation give her a unique understanding of intelligence community requirements. Dragoo’s research interests include cybersecurity policy issues, threat attribution, metadata analysis, and adversarial network reconstruction. More By Holly

 

 

Panagiotis Kintis is a Ph.D. student at Georgia Tech's School of Computer Science and a researcher in the Astrolvaos Lab. His research examines new techniques for data analysis and cyber attribution with special focus on clues that can be obtained from the network layer of the Internet, such as bot activity and domain name abuse (combosquatting). More by Panos

 

 

Brenden Kuerbis, Ph.D., is a postdoctoral researcher at Georgia Tech’s School of Public Policy and a former Fellow in Internet Security Governance at the Citizen Lab, Munk School of Global Affairs, University of Toronto. His research focuses on the governance of Internet identifiers (e.g., domain names, IP addresses) and the intersection of nation-state cybersecurity concerns with forms of Internet governance. More by Brenden

 

 

Joel Odom leads a team of researchers focused on software security as branch head for the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. He and his team research static and dynamic software analysis, software testing techniques, software reverse engineering, and software vulnerability discovery and mitigation. More by Joel

 

 

Caleb Purcell s a research engineer for the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. His interests in cybersecurity research have been shaped by his background in industrial control system (ICS) environments and have expanded to include reverse engineering, vulnerability assessment of embedded systems, and network protocol analysis. More by Caleb

 

 

Chris M. Roberts is a senior research engineer with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute specializing in embedded firmware reverse engineering and hardware analysis.  Mr. Roberts’ technical expertise has expanded to cover radio frequency system design, electronic and cyber warfare, hardware and firmware reverse engineering, vulnerability assessments of embedded systems and assessment of vulnerability to wireless cyberattacks. More by Chris