Doom Playing Printer - another vector for malware

Some clever chaps have managed to hack a Canon printer and replace the firmware with code that runs Doom. The details of this can be found here.

If the printer can be reconfigured to run a game, then getting it to run a piece of spyware / malware in a custom firmware is not stretching it too far.

Canon should be patching the issue soon, so if you have a Canon Pixma Printer keep an eye out for a new firmware release.
 
I'd say possible but unlikely, as the only way I could think of to get a user to update the firmware would be a spear-phishing attack - get the user to install the compromised firmware themselves.
 
> I'd say possible but unlikely, as the only way I could think of to get a user to update the firmware would be a spear-phishing attack - get the user to install the compromised firmware themselves.

The firmware update process queries an internet-based location. You can modify DNS settings and the proxy server used for updating firmware.

A quote from the blog: "This interface does not require user authentication allowing anyone to connect to the interface. At first glance the functionality seems to be relatively benign, you could print out hundreds of test pages and use up all the ink and paper, so what? The issue is with the firmware update process. While you can trigger a firmware update you can also change the web proxy settings and the DNS server. If you can change these then you can redirect where the printer goes to check for a new firmware."

If you can tell it where to get the firmware from and you can craft a modified firmware (which is possible) no user intervention is required at all.

There will be a Metasploit package for it soon enough.
 
The problem is people see these devices as what they are merchandised as - printers, mp3 players, multimedia TVs - but they are computers, with a CPU, RAM, non-volatile memory and often a network connection.

Until whoever produces Consumer Electronics starts to treat them properly, this kind of stuff will become more and more common... I shudder to think what could be possible with stuff running traffic lights, electric power, water or god knows what else.
 
> The problem is people see these devices as what they are merchandised as - printers, mp3 players, multimedia TVs - but they are computers, with a CPU, RAM, non-volatile memory and often a network connection.
>
> Until whoever produces Consumer Electronics starts to treat them properly, this kind of stuff will become more and more common...

Aye, The Internet Of Things. Convenient and useful, but unfortunately it can be used for bad as well. Hacking of webcams on televisions is another recent similar issue.
 
When I suggested that printers were a vulnerability at work last year they thought I was crazy! It's all coming true! This is only the beginning, we're all gonna die!!
 