Cyber-security researchers have managed to run the classic 90s computer game Doom on an Internet-enabled Canon printer after hacking its web interface.
In a blog post, head of research at Context Information Security Mike Jordon describes how the Canon Pixma printer’s web interface required no authentication for access allowing the researchers to take control of the device and use up ink by printing out hundreds of copies of test pages.
More importantly, weak encryption and a lack of any digital signatures on the device’s firmware, coupled with the ability to alter where the device downloads firmware from through the web interface, allowed the researchers to download the game Doom onto the printer.
According to Jordon, a more malicious actor could easily have updated the printer with a Trojan image to spy on documents being printed and establish a gateway into the printer’s network.
“This latest example further demonstrates the insecurities posed by the emerging Internet of Things (IoT) as vendors rush to connect their devices,” said Jordon, who presented the techniques used to compromise the printer at the cyber-security conference 44Con in London this morning
“The printer’s web interface did not require user authentication, allowing anyone to connect to it. But the real issue is with the firmware update process.
“If you can trigger a firmware update you can also change the web proxy settings and the DNS server; and if you can change these then you can redirect where the printer goes to check for a new firmware update and install custom code – in our case a copy of Doom.”
The feat is part of a wider project undertaken by Context to demonstrate the security issues surrounding Internet-enabled devices proliferating in the average home – which involved hacking a smart light bulb, an IP camera, a network attached storage device and even a child’s web-connected rabbit toy.
After auditing a sample of 9,000 of the 32,000 IPs that the website Shodan says may have a vulnerable printer, Context found that 1,822 responded and 122 indicated they may have a firmware version that could be compromised – roughly 6 per cent.
“Even if the printer is not connected directly to the Internet behind a NAT (network address translation) on a user’s home network or on an office intranet, for example, it is still vulnerable to remote attack,” added Jordon.
“We are not aware of anyone actively using this type of attack for malicious purposes but hopefully by raising awareness, we can encourage vendors to increase the security of this new generation of devices.”
Context recommended that wireless printers or any other IoT devices are not connected to the Internet and that they are always updated with the latest available firmware.
Canon said in a statement: “We thank Context for bringing this issue to our attention; we take any potential security vulnerability very seriously. At Canon we work hard at securing all of our products, however with diverse and ever-changing security threats we welcome input from others to ensure our customers are as well protected as possible.
“We intend to provide a fix as quickly as is feasible. All Pixma products launching from now onwards will have a username and password added to the Pixma web interface, and models launched from the second half of 2013 onwards will also receive this update, models launched prior to this time are unaffected. This action will resolve the issue uncovered by Context.”