Security researcher Michael Jordon spent four months using a security flaw in Canon printers to run the classic 1993 video game Doom.
In a blog post for Context Information Security, Jordon explains how he was able to change the way a Canon PIXMA MG6450 printer receives software updates. This allowed him to remotely change what is displayed on the small colour screen on the printer. Instead of printing test pages, Jordon chose to use the printer to run a version of the classic first-person shooter game “Doom.”
It’s not a perfect version of the game, and the colours aren’t quite right, but the Canon printer can indeed run Doom. According to the BBC, Jordon only managed to get the game running on the printer just two days before the 44con hacker conference at which the hack was presented.
While it is funny seeing a printer running Doom on its 3 inch screen, the research done by Michael Jordon shows that there’s a serious flaw in the way that the Canon PIXMA printer connects to the internet. The printer doesn’t require a password to access the online control panel, which could open up thousands of printers to internet attacks. One attack on the printer could involve installing software that monitors every document sent to the infected printer.
Jordon’s wider point is that the world is filling up with “smart” objects and devices that form a connected “internet of things.” They often don’t look like computers, and they often have minimal security features guarding them against hacks.
In a statement to Context Information Security, Canon promised to fix the vulnerability in future models of the Pixma printer:
We intend to provide a fix as quickly as is feasible. All PIXMA products launching from now onwards will have a username/password added to the PIXMA web interface, and models launched from the second half of 2013 onwards will also receive this update, models launched prior to this time are unaffected. This action will resolve the issue uncovered by Context.