No one really likes them, but printers are actually more sophisticated than you might give them credit for. Given the right circumstances, hackers can take advantage of those guts. One recently did just that with a classic hack that never gets old: Make it run Doom.
British hacker Michael Jordon recently cracked the encryption in a Canon Pixma printer and got the machine to play the classic demon-shooter. That little display that you would usually use to tell your printer to collate or whatever is now home to Doomguy blasting hellspawn with his BFG. Jordon himself admits, “The colour palette is still not quite right.” But everything else basically works.
“The printer has a 32-bit Arm processor, 10 meg of memory and even the screen is the right size,” Jordon told the BBC. “I had all the bits, but it was a coding problem to get it all running together.”
The real coding problem, though, is on Canon’s end. This kind of thing should not be possible. However, Jordon noticed that Canon did a bad job securing the web portal that enables you to access your printer. How bad of a job? “The web interface has no user name or password on it,” he said. Whoops
The problems ran deeper, too. Jordon quickly realised that if he could talk to the printer over the internet, he could also upload software to it, if he could break the machine’s encryption system. He did — pretty easily, too. Uploading Doom was just the best (and most harmless) way he could think of show how these printers could be hijacked remotely.
Like a good white hat, Jordon informed Canon of the vulnerability earlier this year and presented his research to the UK’s 44Con hacker conference a few days ago. The company says it’s working on a patch. In the meantime, let me know if anybody can get GoldenEye to run on their printer, because that’s the only way to one up this hack. [Context via BBC]