Fax machines' custom Linux allows dial-up hack
Don't laugh. Epson printer/fax machines dating back to 1999 have this problem
Party like it's 1999, phreakers: a bug in Epson multifunction printer firmware creates a vector to networks that don't have their own Internet connection.
The exploit requirements are that an attacker can trick the victim into installing malicious firmware, and that the victim is using the device's fax line.
The firmware is custom Linux, which gives bad actors who use the fax line as an attack vector a familiar networking environment. Once they're in that ancient environment, they can move on to the network to which the printer is connected.
Yves-Noel Weweler, Ralf Spenneberg and Hendrik Schwartke of Open Source Training in Germany discovered the bug, which occurs because Epson WorkForce multifunction printers don't demand signed firmware images.
The researchers tested their exploit on the Epson WF-2540 MFP, but reckon most WorkForce and Stylus devices are likely to be vulnerable. Since these units date back to 1999, “huge amounts” could be vulnerable.
“We were able to craft and install a malicious firmware image implementing a backdoor using the built-in data/fax modem. This backdoor may serve as a bridgehead into a network otherwise not connected to the internet,” they write.
“With a basic understanding of the firmware format and checksums, an attacker can create malicious firmware images including backdoors and malware for the devices.”
Epson has told the researchers it will publish security guidance for customers. ®
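The root cause described above is an updater that accepts firmware without a vendor signature. The following Go sketch is an added example, not code from the article, the researchers or Epson; it contrasts a checksum-only check with an Ed25519 signature check. The image layouts, function names and payloads are constructed for illustration and are not Epson's firmware format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Constructed layout, not Epson's format: payload || CRC32 (big-endian).
func packWithChecksum(payload []byte) []byte {
	sum := make([]byte, 4)
	binary.BigEndian.PutUint32(sum, crc32.ChecksumIEEE(payload))
	return append(append([]byte{}, payload...), sum...)
}

// checksumOnlyAccepts models an updater that checks integrity, not origin.
func checksumOnlyAccepts(image []byte) bool {
	if len(image) < 4 {
		return false
	}
	n := len(image) - 4
	return crc32.ChecksumIEEE(image[:n]) == binary.BigEndian.Uint32(image[n:])
}

// signImage is the vendor side: payload || 64-byte Ed25519 signature.
func signImage(priv ed25519.PrivateKey, payload []byte) []byte {
	return append(append([]byte{}, payload...), ed25519.Sign(priv, payload)...)
}

// verifySigned is the device side: flash only if the vendor key signed it.
func verifySigned(pub ed25519.PublicKey, image []byte) ([]byte, error) {
	n := len(image) - ed25519.SignatureSize
	if n < 0 || !ed25519.Verify(pub, image[:n], image[n:]) {
		return nil, errors.New("signature check failed, refusing to flash")
	}
	return image[:n], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	vendor, changed := []byte("constructed vendor payload"), []byte("constructed altered payload")
	fmt.Println("checksum-only accepts altered image:", checksumOnlyAccepts(packWithChecksum(changed)))
	signed := signImage(priv, vendor)
	_, err := verifySigned(pub, append(changed, signed[len(vendor):]...))
	fmt.Println("signature check on altered image:", err)
}
```

A checksum can be recomputed by anyone who knows the format, so it only detects corruption; the signature check fails for any payload the holder of the vendor's private key did not sign.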