The office printer is a dark place for many. It normally sits in the musty corner of the office, the place everybody hates to go, but has to go when paper needs duplicating. Nobody will ever mention it, but it’s usually good practice to never touch the glass top by hand as there may be some rear DNA smeared all over it. If only there was something that could help pass the time while waiting for all those copies to complete…
Thankfully, there may well be! A hacker by the name of Michael Jordon (not the basketball player) has gone ahead and tricked a Canon Pixma printer into running the original Doom game.
Sure, it must be an absolute nightmare to play, but DOOM ON A PRINTER PEOPLE! One would think this sort of thing was done for some good old fashioned giggles. It wasn’t. Jordon is trying to show just how much of a security vulnerability a printer can be (PC Gamer via The Guardian).
“While you can trigger a firmware update you can also change the web proxy settings and the DNS server. If you can change these then you can redirect where the printer goes to check for a new firmware.”
“So what protection does Canon use to prevent a malicious person from providing a malicious firmware? In a nutshell – nothing, there is no signing (the correct way to do it) but it does have very weak encryption.”
Well, I honestly never expected something like that. I have just covered my printer with a blanket because I fear Skynet might be watching my every move! Let’s not forget that Doom was also made to run on an ATM. Ok everybody, stop placing the game on every piece of hardware. You are making Skynet’s job so much easier…
Thankfully, Canon are aware of the issue, and will be providing a fix (via Context):
“We thank Context for bringing this issue to our attention; we take any potential security vulnerability very seriously. At Canon we work hard at securing all of our products, however with diverse and ever-changing security threats we welcome input from others to ensure our customers are as well protected as possible.
We intend to provide a fix as quickly as is feasible. All PIXMA products launching from now onwards will have a username/password added to the PIXMA web interface, and models launched from the second half of 2013 onwards will also receive this update, models launched prior to this time are unaffected. This action will resolve the issue uncovered by Context.”
Good job Canon! It does make you wonder what other pieces of hardware might pose security threats though. Honestly, a printer was the last thing I would have thought of. I can’t even look my keyboard in the eye anymore. Every keystroke could well be sending information to Skynet itself!
Last Updated: September 16, 2014