Tech Expert Makes Point About (Bad) Security In The Internet Of Things By Hacking A Printer To Run Doom

The more appliances and devices there are out there with internet connections, the more hackers will be able to find security vulnerabilities in those appliances. One security expert found a particular hole that let him remotely install any software onto a whole line of popular printers. How to make a true point about what someone can accomplish with remote access to your devices? Make it run full-fledged video games.

A security expert named Michael Jordon in the UK found a vulnerability on the Canon Pixma printer, the BBC reports. And when he found that vulnerability, he realized the processor capacity, available memory, and screen resolution on the printer were sufficient to run older PC software. And so he did what anyone with a few months to spare wrangling the trickier bits of code might do: he hacked a printer to run Doom.

Like many modern devices, the printers in question have an interface that can be accessed remotely via a web connection. So if you’re upstairs and the printer is downstairs, or if you’re at work and the printer is giving someone else at home some grief, you can look into it. Very convenient. But also very accessible by anyone at all if not properly secured.

And it wasn’t. “The web interface has no username or password on it,” Jordon told the BBC, let alone any stronger protection. And from there, he discovered that anyone who could reach the web interface could use it to remotely update a printer’s firmware.

The firmware was encrypted, but the encryption was easy to crack, and so Jordon had the idea of replacing it with Doom. The coding was the difficult part, Jordon said; it took him four months to get it working properly. He finished just in time to give a presentation on it at 44Con, a hacker conference in the UK. He also shared the full details of the hack in a blog post.

A scan conducted by the security group found thousands of potentially vulnerable printers connected to the web worldwide.

In a statement, Canon thanked the hacker team for bringing the vulnerability to their attention and said, “we take any potential security vulnerability very seriously. … We intend to provide a fix as quickly as is feasible. All PIXMA products launching from now onwards will have a username/password added to the PIXMA web interface, and models launched from the second half of 2013 onwards will also receive this update, models launched prior to this time are unaffected. This action will resolve the issue.”

Running a video game on a printer is an attention-grabbing way to make an important point: the more we move toward the “internet of things,” the more we need to watch out for security on those things. When your car, printer, ceiling fan, drinkware, thermostat, and kitchen appliances all phone home for your convenience, a whole new layer of home security suddenly comes into play. And it’s one that locking your doors can’t really do a thing about.

Canon printer hacked to run Doom video game [BBC News via Business Insider]
