Jordon said that Canon Pixma wireless printers have a web interface that shows information about the printer, such as the ink levels, and allows test pages to be printed and the firmware to be checked for updates.
He found that the interface doesn’t need any sort of authentication to access. While you would think that the worst anyone could do is print off hundreds of test pages and use up all of the printer’s ink, Jordon found a hacker could do a lot more damage.
The interface lets you trigger the printer to update its firmware. It also lets you change where the printer looks for the firmware update.
A hacker could create custom firmware that spies on everything the printer prints, and it can even be used as a gateway into the network.
To show what was possible, Jordon got the printer to run Doom.
Canon offers very little protection against this. If you can run Doom on a printer, you can do a lot more nasty things. In a corporate environment, a printer would be a good place for an attacker to be.
Who suspects printers? Well, other than Nigel from accounts, and he thinks aliens are trying to take over the coffee machine.
Canon has promised that it is working on a fix and is taking a chainsaw to the problems highlighted by Context.
“All PIXMA products launching from now onwards will have a username/password added to the PIXMA web interface, and models launched from the second half of 2013 onwards will also receive this update, models launched prior to this time are unaffected,” Canon said.