Security flaws can be demonstrated in many ways, and the demonstrations are usually pretty boring to watch and read about. Not so this time, as Michael Jordon shows us how to play Doom on a Canon Pixma wireless printer. Using a security flaw in the printer's web administration interface, he was able to run Doom on the printer's very own LED display.
Like so many connected smart devices, these printers lack the most basic forms of security out of the box. While they do use simple encryption, there are no preset passwords, and a plain login method is used. Normally the worst someone could do after hacking your printer would be to print thousands of test pages until the ink cartridges run empty. This case is a lot worse. Michael Jordon learned that he could not only update the firmware at will, he could even tell the printer what location to get the firmware from.
This flaw has big potential if someone were to build a custom firmware and sneak it onto a device with the security flaw. Not only would it allow the hacker to spy on anything that is printed and on whatever else is going on inside the network, he could further use the printer as a bridge and gateway to infect other systems on the network.
“If you can play Doom on a printer, you can do a lot more nasty things,” Jordon said, while Canon provided the following statement regarding the issue:
“We thank Context for bringing this issue to our attention; we take any potential security vulnerability very seriously. At Canon we work hard at securing all of our products, however with diverse and ever-changing security threats we welcome input from others to ensure our customers are as well protected as possible.
We intend to provide a fix as quickly as is feasible. All PIXMA products launching from now onwards will have a username/password added to the PIXMA web interface, and models launched from the second half of 2013 onwards will also receive this update, models launched prior to this time are unaffected. This action will resolve the issue uncovered by Context.”
If you’d like to see a video of Jordon playing Doom on the printer display, you can follow this link to the MP4 file. The display might not support all the colours of the game, but there is no doubt about what game it is.
Thank you, Contextis, for providing us with this information.
Images and video courtesy of Contextis