

Then Balmas and Itkin discovered that faxes don't just come in black and white. The catch was that it required 2GB of data, which took about seven minutes of continuous transmission over the telephone lines. Using that flaw, the researchers were able to send a malicious fax that created a buffer overflow in a SOAP operation. The flaw was labeled " Devil's Ivy" and involved a buffer overflow, in which memory allocated to a specific process overflows its boundaries and bleeds into other processes, letting the controller of the overflowing process control the others.Īmong other things, the researchers' HP all-in-one printer used SOAP. Once they'd figured that out, Balmas and Itkin had a stroke of luck: In July 2017, news broke of a remote-code-execution vulnerability in the SOAP protocol, a communication used by many web applications.
#Hp smart fax Pc
It turned out the HP all-in-one firmware used a rare compression format used by Softdisk, a Louisiana company that among other things published some of the Commander Keen series of PC games in the early 1990s.
#Hp smart fax pro
The researchers bought an HP OfficeJet Pro 6830 because it was cheap, but they had a hard time learning how its software operated internally until they found an online repository of firmware for almost every device HP has ever made.Įven then, they had a hard time decompiling the binary file, or turning the machine code into something human-readable. But what if you could attack an all-in-one unit over the phone line? Iktin and Balmas showed that you can. Those more modern forms of electronic communication have security measures built in.

Yet this 1980s technology is bundled into millions of office and home all-in-one printers that also have USB, Wi-Fi and often Ethernet and Bluetooth connections. Most businesses in North America have a fax number, and you can even fax the White House. Thirty years later, faxes are still used by ships at sea, by lawyers and bureaucrats, and by the occasional homeowner. It was designed with no security in mind, even though faxes move and handle a substantial amount of data. Fax-machine technology hasn't changed substantially since 1985, Itkin and Balmas explained.
