3

I have recently come out of a meeting with a VoIP sales agent. He mentioned that we would receive eFax with the phones which is, in his words, “…more secure then analog faxing” when I asked him, how it was more secure he mentioned that one of his co-workers was able to access all the data on an analog line within minutes and see everything on the network.

So I mentioned SSL encryption, and it would obviously be possible to see the data if you man-in-the-middle the network with a rogue access point.

However I am not entirely sure if it is possible to encrypt faxes or not. So my question is, this, why is eFax more secure then analog fax (regular faxing) and what security measures can you take to encrypt faxes?

Improve this question
7
  • eFax is not faxing. It's email. efax.co.uk/how-it-works with the possibility for the last leg to be a fax machine. Commented May 23, 2018 at 21:52
  • 1
    Hopefully someone else with more knowledge can weigh in, but from what I understand the two have completely dissimilar sort of threats to worry about. An analog/digital fax has to worry about someone wire-tapping the line and listening in (they have no support for encryption that I know of). An eFax can be handled encrypted with things like SSL, as you mention, but may be attacked with all the attack vectors of any other internet service. You might become collateral damage in a hack, while you'd have to be truly targeted in the analog/digital fax case. Commented May 23, 2018 at 21:52
  • @CortAmmon I started writing an answer, and then I noticed you had written more or less the same things. I'll just add that if that coworker was able to see everything on the network by breaking into an analog fax line then someone there had far bigger problems than fax security. Commented May 23, 2018 at 22:11
  • VoIP and eFax are two different things. VoIP can be more secure if it is well implemented (VLAN separated, devices authenticated using 802.1x) and it can be also encrypted when it traverses the public networks (with some caveats). But if you put MITM device between the fax and switch, you will be to able to capture everything as there is not any encryption between fax and PBX. If you really want to encrypt faxes you have to find a nonstandard device which allows it. But you will need to have it on both sides. Commented May 23, 2018 at 22:34
  • Additionally... when the fax data reaches the eFax gateway it is converted to image and attached to email. Email can be encrypted and signed so no problem when it is sent over public unencrypted networks. Problems are gateways where it depends who manages them. Commented May 23, 2018 at 22:41

1 Answer 1

Reset to default
2

Fax over VoIP (which is normally what eFax means) is not any more secure than Fax over pure analog lines. To clarify, eFax isn't a technical term, it's a marketing term. The underlying Fax is still an inherently analog technology, and the VoIP technology underlying it is merely trying to emulate the analog lines. Normally the other end of the call is often going to be an analog line connected to the PSTN.

Futhermore, the VoIP portion of the call isn't encrypted, is sent over un-encrypted RTP and hopefully T.38 and can pass through multiple carriers before arriving at the destination. There's no reason to think tapping these lines is any more secure than tapping an analog line. Wireshark has nice tools to intercept this traffic if you have a place to sniff.

Without using some sort of proprietary technology on both the sender and receiver, it's not possible to encrypt Fax. If you're concerned about someone intercepting the transmission, the short answer is don't use Fax, use some form of digital communication that's encrypted.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.