In their CCC talk, Yaniv Balmas and Eyal Itkin explained how your HP printer connects to a domain that is not controlled by HP.
This is shocking and yes, you should block that domain if you don’t want Yaniv and Eyal to be able to keep track of you.
In this talk, they discuss:
We all know what FAX is, and for some strange reason most of us need to use it from time to time. Hard to believe it’s 2018, right?
But can FAX be something more than a bureaucratic burden? Can it actually be a catastrophic security hole that may be used to compromise your entire network? Come watch our talk and find out …
Unless you’ve been living under a rock for the past 30 years or so, you probably know what a fax machine is. For decades, fax machines were used worldwide as the main way of electronic document delivery. But this happened in the 1980s. Humanity has since developed far more advanced ways to send digital content, and fax machines are all in the past, right? After all, they should now be nothing more than a glorified museum item. Who on earth is still using fax machines?
The answer, to our great horror, is EVERYONE. State authorities, banks, service providers and many others are still using fax machines, despite their debatable quality and almost non-existent security. In fact, using fax machines is often mandatory and considered a solid and trustworthy method of delivering information.
What the Fax?!
We embarked on a journey with the singular goal of disrupting this insane state of affairs. We went to work, determined to show that the common fax machine could be compromised via mere access to its fully exposed and unprotected telephone line – thus completely bypassing all perimeter security protections and shattering to pieces all modern-day security concepts.
Join us as we take you through the strange world of embedded operating systems, 30-year-old protocols, museum grade compression algorithms, weird extensions and undebuggable environments. See for yourself first-hand as we give a live demonstration of the first ever full fax exploitation, leading to complete control over the entire device as well as the network, using nothing but a standard telephone line.
This talk is intended to be the canary in the coal mine. The technology community cannot sit idly by while this ongoing madness is allowed to continue!
The world must stop using FAX!
Watch the complete talk (skip to 26:45 to see the URL):