Hacker exploits printer Web interface to install, run Doom


Doom on a printer’s menu screen! Personally, we can’t wait until someone makes Descent playable on a toaster. Context Internet Security On Friday, a hacker presenting at the 44CON Information Security Conference in London picked at the vulnerability of Web-accessible devices and demonstrated how to run unsigned code on a Canon printer via its default Web interface. After describing the device’s encryption as “doomed,” Context Information Security consultant Michael Jordon made his point by installing and running the first-person shooting classic  Doom on a stock Canon Pixma MG6450. Sure enough, the printer’s tiny menu screen can render  a choppy and discolored but playable version of id Software’s 1993 hit, the result of Jordon discovering that Pixma printers’ Web interfaces didn’t require any authentication to access. “You could print out hundreds of test pages and use up all the ink and paper, so what?” Jordon wrote at Context’s blog report about the discovery , but after a little more sniffing, he found that the devices could also easily be redirected to accept any code as legitimate firmware. A vulnerable Pixma printer’s Web interface allows users to change the Web proxy settings and the DNS server. From there, an enterprising hacker can crack the device’s encryption in eight steps, the final of which includes unsigned, plain-text firmware files. The hacking possibilities go far beyond enabling choppy, early ’90s gaming: “We can therefore create our own custom firmware and update anyone’s printer with a Trojan image which spies on the documents being printed or is used as a gateway into their network,” Jordon wrote. Read 4 remaining paragraphs | Comments

Read More:
Hacker exploits printer Web interface to install, run Doom


Please enter your comment!
Please enter your name here


This site uses Akismet to reduce spam. Learn how your comment data is processed.