back

What The Fax?!

Hacking your network likes it's 1980 again

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:46:54
Language
English
Abstract
We all know what FAX is, and for some strange reason most of us need to use it from time to time. Hard to believe its 2018, right?

But can FAX be something more than a bureaucratic burden? Can it actually be a catastrophic security hole that may be used to compromise your entire network? Come watch our talk and find out …

Unless you've been living under a rock for the past 30 years or so, you probably know what a fax machine is. For decades, fax machines were used worldwide as the main way of electronic document delivery. But this happened in the 1980s. Humanity has since developed far more advanced ways to send digital content, and fax machines are all in the past, right? After all, they should now be nothing more than a glorified museum item. Who on earth is still using fax machines?

The answer, to our great horror, is EVERYONE. State authorities, banks, service providers and many others are still using fax machines, despite their debatable quality and almost non-existent security. In fact, using fax machines is often mandatory and considered a solid and trustworthy method of delivering information.

What the Fax?!

We embarked on a journey with the singular goal of disrupting this insane state of affairs. We went to work, determined to show that the common fax machine could be compromised via mere access to its fully exposed and unprotected telephone line – thus completely bypassing all perimeter security protections and shattering to pieces all modern-day security concepts.

Join us as we take you through the strange world of embedded operating systems, 30-year-old protocols, museum grade compression algorithms, weird extensions and undebuggable environments. See for yourself first-hand as we give a live demonstration of the first ever full fax exploitation, leading to complete control over the entire device as well as the network, using nothing but a standard telephone line.

This talk is intended to be the canary in the coal mine. The technology community cannot sit idly by while this ongoing madness is allowed to continue!

The world must stop using FAX!

Talk ID
9462
Event:
35c3
Day
1
Room
Borg
Start
8:50 p.m.
Duration
00:40:00
Track
Security
Type of
lecture
Speaker
Yaniv Balmas
Eyal Itkin
Talk Slug & media link
35c3-9462-what_the_fax

Talk & Speaker speed statistics

Very rough underestimation:
155.6 wpm
851.0 spm
While speaker(s) speak(s):
162.1 wpm
892.4 spm
152.6 wpm
849.1 spm
166.0 wpm
910.2 spm
100.0% Checking done100.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%
  

Work on this video on Amara!

Talk & Speaker speed statistics with word clouds

Whole talk:
155.6 wpm
851.0 spm
faxprinterthingfirmwarehpsendunderstandfilebytesfinddatanetworkgoodcompressiontodayyanivlaughterdebuggercalledstuffcodemachinestimeexploitapplausebalmasstartbitt.30pointmachinebasicallyprintersdocumentprotocolvulnerabilitycontrolprintvulnerabilitiesmemorysidedefinesphaseentirescoutwindowinterestingsecurityeyalwork
While speakers speak:
162.1 wpm
892.4 spm
faxprinterthingsendfirmwareunderstandhpfilebytesfindlaughtercompressiondatatodaygoodcalledcodedebuggerbitstuffnetworktimepointmachinet.30printexploitcontrolstartprotocoldocumentyanivmachinesmemoryapplausedefinesentirewindowphaseworksbasicallyprettytablestatelongvulnerabilitiesprintersoperatingsysteminteresting
Eyal Itkin:
152.6 wpm
849.1 spm
Yaniv Balmas:
166.0 wpm
910.2 spm