14 DAY TRIAL // An intrepid security expert decided to get a little creative with his exploits, demonstrating the flaws in Canon's Pixma printers by installing and running id Software's first-person shooter Doom on one.
Context Information Security Analyst Michael Jordon demonstrated a security flaw that allowed him to connect to a printer and have it remotely access a server, download and install a copy of Doom and play it on its LED display.
Although it's not the first time such a product is cracked by a hacking guru, having id Software's legendary shooter run on a Canon Pixma printer is definitely the most creative and exciting method of showcasing a product's security vulnerabilities.
How to train your printer
"Canon Pixma wireless printers have a web interface that shows information about the printer, for example the ink levels, which allows for test pages to be printed and for the firmware to be checked for updates," Jordon explains.
He discovered that the interface, however, does not require any sort of authentication to access, which means that anyone able to access it would be able to print countless test pages (or at least until the printer runs out of ink).
Now, the interesting bit is that the interface allows you to check for firmware updates, but it also allows you to change the default location that the printer uses to look for the update.
This means that you can create a custom firmware that spies on everything the printer can access, and can even be used as a gateway into the networks that the printer is on.
Jordon opted to showcase the devastating effects that security breaches can have by installing a 20-year-old pixelated shooter on a Canon Pixma printer.
If you're curious how the thing looks, you can take a look at Doom running on the printer here.
The aftermath
"If you can run Doom on a printer, you can do a lot more nasty things. In a corporate environment, it would be a good place to be. Who suspects printers?" Jordon told The Guardian.
Canon offers very little protection against such attacks, as there is no signing in, and the encryption system used to protect access is very weak, taking a security expert no time at all to crack.
The good thing about this is that Canon is already working on a fix that will be retroactively fitted on all printers launched from the second half of 2013 onwards.
"We thank Context for bringing this issue to our attention; we take any potential security vulnerability very seriously. At Canon we work hard at securing all of our products, however with diverse and ever-changing security threats we welcome input from others to ensure our customers are as well protected as possible," the company stated.
In case you're afraid that you might be exposed to such attacks due to printers in the future, you need not worry. Canon is on top of things.
"All PIXMA products launching from now onwards will have a username/password added to the PIXMA web interface, and models launched from the second half of 2013 onwards will also receive this update, models launched prior to this time are unaffected. This action will resolve the issue uncovered by Context," the company assured.