In the wake of some high profile cyber attacks, some organizations have returned to using fax for sending sensitive information. This might seem odd, given the advancements in email security. Which seems to beg the question, is fax more secure than email?
Reverting back to an older technology might feel counterintuitive, as we have a habit of viewing newer as better. Especially when it comes to new technologies. But there are good reasons to rely on fax rather than email.
Is Fax More Secure than Email?
Fax is more secure than email, in many regards. The main thing that can make fax more secure than email is the limited exposure to the internet and internet connected devices. Fax machines communicate through phone lines, which are harder to access than public internet connections.
Fax machines are also much less useful to a cybercriminal if they are breached. Gaining access to a fax machine gives a cybercriminal very little ground to stand on, except devices that are connected to the fax machine’s immediate network.
Conversely, gaining access to an email account gives a bad actor access to any other account associated with that email address, unless that account is protected with two-factor authentication.
Additionally, fax is less susceptible to cyber attacks caused by social engineering. It’s relatively easy to get someone to click a link in an email. But it’s far more difficult to trick someone into giving away passwords or other credentials using a fax machine.
The bottom line is that, while fax is not hack proof, it is more secure than email for almost every use case. That security just comes at the cost of convenience.
Where Email Falls Short
The struggle with email is that accounts are extremely connected. Users access their email through computers and smartphones. Those devices are connected to the internet and other local networks. And email addresses often double as usernames for other accounts.
From a security standpoint, email puts a lot of eggs in one basket. Unfortunately, email addresses are relatively easily compromised. Passwords are leaked and stolen every day. And phishing emails frequently cause severe security breaches.
For all its convenience and capability, email can be a bit too connected. Which makes closing all the security gaps challenging. And a breached email account can easily result in a cascade of other security breaches that compromises every system within an organization.
Where Fax Picks Up the Slack
Fax is more secure than email simply because it’s less connected. Many fax machines still connect to a legacy phone line. Yes, modern fax machines can connect through an internet connection, using a SIP trunking protocol.
But, even then, fax machines tend to be connected to fewer networks and secondary devices. In most cases, it’s more difficult to access a fax machine at all. And, if a fax machine is breached, it causes fewer secondary breaches.
There are a couple of ways to exploit fax connections. But the security gaps associated with fax machines are easier to cover than the security issues that come with email.
Can Fax be Hacked?
Fax machines can be hacked. It’s possible to send a malicious script to a fax machine, disguised as an image or printable text file. When the fax machine executes that script, it enables the criminal to access any networks or devices the fax machine is connected to.
However, this is rather challenging, especially if the fax machine is connected to a legacy PSTN (Public Switched Telephone Network) line. But it can be done. And security breaches have occurred using fax machines as a conduit to compromise other networks and devices.
This security flaw in fax technology, known as “Faxsploit,” can be and has been addressed. Advancements in fax security, and cybersecurity overall, have provided efficient solutions to the Faxsploit flaw.
Advancements in Fax Security
Originally, fax machines weren’t protected by firewalls because there was no need for it. The first fax machines had to be manually operated by a person.
But then we started connecting computers and printers to fax machines, and sending faxes over the internet using IP networks. That’s what made Faxsploit possible.
However, firewalls can now be configured to protect fax machines. And internal network security best practices are easy to apply to fax machines.
Fax machines generally send very minimal information, just connection and data requests, really. They primarily only need to receive information. That makes it simple to set up fax machines on severely limited connections that allow very little two-way data transfer.
This isolates fax machines from other devices on the network. So, if your fax machine is breached, the bad actor can’t use the fax machine to distribute malicious code to other devices.
Send Secure Faxes Over Private IP
There is one other way that secure information can be accessed through fax: man in the middle attacks.
Even though it’s relatively simple to mitigate the risk of a breached fax machine, the data in a fax can still be intercepted while it’s in transit. And it’s very difficult for fax machines to encrypt information before sending it.
So fax data can be quite vulnerable during transit, especially if you send a fax over the internet with a SIP connection (which is what most modern fax machines do). The only way to totally protect faxes is to send them through private, encrypted connections.
Even if a bad actor intercepts the fax data, the encryption stops the criminal from using that data. And sending faxes through a private IP network makes it nearly impossible for criminals to intercept the fax data in the first place, because your data never touches the public internet.
Ultimately, fax is more secure than email as long as you configure your local network correctly and send fax over a private, encrypted network.
Share on Social