Canon PIXMA Printer Hacked to Demonstrate Vulnerability of ‘Internet of Things’

doomIn an experiment intended to expose the security vulnerabilities of an interconnected “Internet of Things,” Context Information Security researcher Michael Jordan hacked the touch-screen interface of a Canon PIXMA color inkjet printer to run the video game “Doom.”

Jordan explains, “This blog post is another in the series demonstrating current insecurities in devices categorized as the ‘Internet of Things.’ This installment will reveal how the firmware on Canon PIXMA printers (used in the home and by SMEs) can be modified from the Internet to run custom code. Canon PIXMA wireless printers have a Web interface that shows information about the printer, for example the ink levels, which allows for test pages to be printed and for the firmware to be checked for updates.”

However, Jordan explains that the PIXMA’s Web interface doesn’t require user authentication, allowing anyone to connect to the interface.  He says the issue is with the firmware-update process over the Internet. Hackers can not only print hundreds of pages, but also trigger a firmware update enabling them to change the printer’s Web proxy settings and the DNS server. If these can be changed, then the hacker can redirect where the printer goes to check for new firmware, and there’s nothing to prevent a malicious person from providing malicious firmware.

Jordan says that although there is “very weak encryption,” he was able to circumvent it, leaving open the possibility of hackers creating their own custom firmware, and updating the printer with a Trojan image that spies on the documents being printed, or is used as a gateway into their network.  Jordan opted to update the printer with a classic 1990s video game, “Doom,” for demonstration purposes.

Canon Inc. responded by stating that future versions of the printer will have username and password authentication for the Web interface, releasing this statement: “We thank Context for bringing this issue to our attention; we take any potential security vulnerability very seriously. At Canon we work hard at securing all of our products, however with diverse and ever-changing security threats we welcome input from others to ensure our customers are as well protected as possible.

We intend to provide a fix as quickly as is feasible. All PIXMA products launching from now onwards will have a username/password added to the PIXMA Web interface, and models launched from the second half of 2013 onwards will also receive this update, models launched prior to this time are unaffected. This action will resolve the issue uncovered by Context.”

More Resources

%d bloggers like this: