Hacker replaces Canon Pixma printer firmware with Doom game

by Mark Tyson on 15 September 2014, 14:15

Tags: Canon (TYO:7751)

Quick Link: HEXUS.net/qaci6b

Add to My Vault: x

Net connected appliances might offer greater user convenience but they are also exposed to remote hacking. This kind of problem is only going to get bigger with the impending wave of devices which will form the Internet of Things (IoT). The remote hacking of a Canon Pixma printer to play Doom on its diminutive colour preview display demonstrates device security vulnerability in a most nerd-attention grabbing fashion.

In an impressive demonstration of how thoroughly net connected devices can be hacked Michael Jordon, from Context Information Security, compromised a Canon Pixma printer and ran Doom upon it. This was the centrepiece of his talk at the 44Con ethical hacker conference in London.

Mr Jordon found that the Canon Pixma printer he used can be accessed via the internet using a web interface to check on queued jobs, device status and so on. The interface has no user name or password and is open to discovery. While this kind of info might not be particularly sensitive Jordon found that the printer firmware was also updatable via this web interface. He reverse engineered the encrypted firmware to reveal the computer code and thus discovered how to replace it with his own firmware which would in turn be accepted as authentic.

The above procedure opened up the printer to all sorts of dodgy hacks, as you could imagine. However, as an ethical hacker, Jordon just wanted to highlight the potential problems in connected devices like the Canon Pixma. "Running Doom, that's real proof you control the thing," he told the BBC.

The hacked Canon Pixma has a "32-bit Arm processor, 10 meg of memory and even the screen is the right size," explained Jordon. He took several months of his spare time to get Doom to run but other than a slightly off colour palette "it runs quite quickly, though it's not optimised," he reflected. He won't be spending more time to fine tune the game as he's "done" with the project.

Canon has responded to Mr Jordon's hack by saying it will fix the vulnerabilities as soon as it can. All new Pixmas and models launched from Q2 2013 will be updated to request a user/pass to make use of the web interface. Earlier models are not affected.

You can read further details about Jordon's hack on the Context blog.

HEXUS Forums :: 15 Comments

Login with Forum Account

Don't have an account? Register today!
As impressive as that is, I have to ask, what was the point?
It's just a proof of concept of how insecure these connected “dumb” devices are. If he was able to reverse engineer the firmware to put doom on it, then it's a much smaller step to reverse engineer some firmware that sends the data that's being printed to a remote location. People print off a lot of personal data to home printers like bank statements, important documents like for taxes, immigration etc. etc.

Imagine how deep identity theft could go just by compromising someone's home printer.
As impressive as that is, I have to ask, what was the point?

to highlight that we are all sleepwalking into having always-connected devices that may contain very sensitive data about us, and theres no form of security on them atall.
and that companies don't always think of security when designing new internet connected devices.

he could easily have added a code that sent a copy of what was being printed to his computer aswell.
or even hacked into the computer it was plugged into via its usb port and use the printer as the route into the companies/home network.

so lots of things that need to be sorted.

unless you are perfectly fine with anyone at anytime being able to look up anything you do online via any of your connected devices.
Wow! Ok I understand. Thanks for the replies.
Hopefully this will make companies realise that security really needs to be stepped up.
16-bit key? Outstanding.