Security Advisories

Fax Security

A lot of attention is put in to computer security these days, but there are many ways that information can be lost to unauthorized parties. The FAX (Short for facsimile) machine has been around a long time. Some of the initial designs were done during the 19th centry with the first commercial service being set up between Paris and Lyon in 1865. In 1964 Xerox introduced a version that was commercially viable for business, and the format grew from that point. Unfortunatly the FAX format has not kept up with the security requirments of the modern world in many ways. Here are some possible ways that your data could end up in the possession of a third party

  1. A misdialed, or misconnected call can send the FAX to the wrong number. Usually the odds of hitting another FAX machine should be low, unless the number is in a bank of FAX numbers such as you would find with a FAX service.
  2. FAX machines which use a thermal film printer will leave an impression of the document on the film which will be thrown in the trash. This would be an issue with the receiving machine, not the sending machine, so even if you buy a laser or inkjet type machine you could still be vulnerable when the receipient disposes of their used film cartridge.
  3. Unless someone is standing by the machine to pick up the document, it may be left there for some time, for anybody to read.
  4. Multi function devices often use a hard drive which will store copies of the documents. These hard drives need to be wiped before the machine is returned or disposed of. Since most people don’t know this, it is seldom done.
  5. Most FAX transmissions are unencrypted since encryption would require keys to be shared at both ends. This makes FAX transmissions vulnerable to wiretaps.
  6. FAX transmissions through third party services are spooled through servers which an unknown number of people have access to. With the number of hosting companies that are springing up, and services being moved out of country where our laws do not apply there is no guarantee what may be done with the data. We have seen some evidence that at least one fax host service may be using information from the faxes for marketing or other purpose.

These things should be considered when you look at the information you are about to send by FAX. What would be the impact if it were in the hands of someone other than the person you are sending it to?

For a consultation please call us at 310-310-320-5708 or contact us