[lvh]

Good point--you're talking about the embedded handset or something else? That said, as you hint at: not quite the same thing from a threat model perspective :)

[floatingatoll]

Indeed!

That depends entirely on whether the handset is physically disconnected by the on-hook switch, or if a firmware exploit could remotely enable it.

Threat modeling a fax machine in the era of fuzzing-RCEs is a particularly interesting thing to consider.