Security researchers have raised new fears about the safety of Internet of Things connected devices after hacking the firmware on Canon Pixma printers to run cult 90s game Doom.
The range of wireless printers has a web interface which shows the user information about ink levels and allows the firmware to be checked for updates, according to Michael Jordon of Context Information Security.
“The issue is with the firmware update process. While you can trigger a firmware update you can also change the web proxy settings and the DNS server. If you can change these then you can redirect where the printer goes to check for a new firmware,” he wrote in a blog post.
“So what protection does Canon use to prevent a malicious person from providing a malicious firmware? In a nutshell - nothing, there is no signing (the correct way to do it) but it does have very weak encryption.”
An attacker could theoretically crack that weak encryption and create custom firmware trojan – perhaps to spy on all the documents being printed, or to be used as a jumping off point into the corporate network.
To demonstrate this, Jordon got Doom to run on the printer, displaying in the web interface.
“Even if the printer is not directly accessible from the internet, for example behind a NAT on a user’s home network or on an office intranet, the printer is still vulnerable to remote attack,” he continued.
“The lack of authentication makes it vulnerable to a cross-site request forgery attacks (CSRF) that modify the printer’s configuration.”
Michael Belton, security assessment lead at Rapid7, argued that once the firmware is lost “all bets are off.”
“The fact that this critical functionality is not secure out-of-the-box is a serious flaw in the manufacturer's design,” he claimed.
However, Canon fortunately appears to have responded positively to the research, saying it welcomes such input to improve the protection it can offer customers.
It added, in a statement sent to Context:
“We intend to provide a fix as quickly as is feasible. All Pixma products launching from now onwards will have a username/password added to the Pixma web interface, and models launched from the second half of 2013 onwards will also receive this update, models launched prior to this time are unaffected. This action will resolve the issue uncovered by Context.”