Printer giant Canon is to provide a security fix “as quickly as is feasible” after a researcher exploited vulnerabilities in one of its wireless PIXMA products to run the classic shoot ‘em up game Doom on its colour display.
Security researcher Michael Jordon told the BBC in an interview, “Running Doom: that’s real proof you control the thing. The web interface has no username and password on it.”
Digital Trends said that the vulnerability, which allows access to printer controls via an unsecured web page, highlighted the problems not just of printer security, but that of the entire emerging “internet of things.”
Canon said that all new products would have a fix added as soon as possible, and that the fix would retroactively apply to products launched from 2013 onwards.
“At Canon we work hard at securing all of our products, however with diverse and ever-changing security threats we welcome input from others to ensure our customers are as well protected as possible,” the firm said.
Printer security: Deeper worries?
A search using Shodan (a specialist search engine which finds specific types of devices connected to the internet), revealed thousands of unsecured machines connected directly to the internet.
“This interface does not require user authentication allowing anyone to connect to the interface. At first glance the functionality seems to be relatively benign, you could print out hundreds of test pages and use up all the ink and paper, so what?” Jordon writes.
He said that the problems (and the opportunity to run Doom) arose when you use the online interface to update the firmware, and raised serious printer security issues.
Persuading the printer to run Doom took “months”, he admits, but the issue is a serious one. Even printers not directly connected to the internet can fall victim, he said, by persuading their owners to click on a bogus link.
Vulnerable to remote attack
Jordon writes, “Even if the printer is not directly accessible from the Internet, for example behind a NAT on a user’s home network or on an office intranet, the printer is still vulnerable to remote attack.”
“A colleague (thanks Paul Stone) demonstrated this by making a web page that first scans the local network for vulnerable printers (using a technique called JavaScript port scanning). Once the printer’s IP address has been found, the web page sends a request to the web interface to modify the proxy configuration and trigger a firmware update.”