RightFax Mitigates MFP Fax Vulnerability
Leverage RightFax’s powerful MFP connectors
Check Point Software Technologies, a leading cyber security firm, released a report this week demonstrating that they were able to exploit a vulnerability found in a multi-function printer (MFP) that could be used to gain access to a corporate network. The exploit relies on directly processing incoming faxes with an all-in-one device that is both connected to the Public Switched Telephone Network (PSTN) through a phone line and to the internal corporate IP network via an ethernet connection.
The cyber security team was able to send a malformed JPEG fax directly to a Hewett-Packard MFP and execute unauthorized code on the device using a hacking technique called “buffer-overflow”. This exploit can be used to then attack the internal network. Remember that this vulnerability requires that the MFP be connected to the outside world and your internal network. If compromised, the MFP can then act as a bridge, allowing hackers to bypass network firewalls and access protected information directly.
We recommend that all customers disconnect their MFP fleet from the PSTN, and instead leverage RightFax’s powerful MFP connectors to securely send and receive faxes. RightFax, running on a fully patched Windows server, will provide your organization with the strongest possible protection from the buffer-overflow exploits that were exposed in the Check Point report. It is important to note that RightFax also does not by default allow JPEG image transmission.
RightFax provides organizations with extensive fax security tools:
- Secure FoIP Channels
- Encryption Module
- Active Directory Integration
- Extensive auditing Capabilities
- Powerful Rules Engine
If you have any concerns regarding the security of your MFPs or any of your fax processes, please reach out to our team of fax experts for a full fax workflow review.
If you would like to learn more or speak to one of our dedicated RightFax experts, please contact us using the request button below or call us directly at 866-730-1700.