We’ve already seen Doom running on a calculator, so why not a printer?
Security experty Michael Jordon, of Context Information Security, spend four months getting the classic first-person shooter running on a Canon Pixma printer to prove a security flaw in the web-enabled device, reports BBC news.
The Pixma printer has a web interface to check on ink levels and firmware updates remotely. “At first glance the functionality seems to be relatively benign,” said Jordon in a blog entry. “You could print out hundreds of test pages and use up all the ink and paper. So what?”
The security issue comes with the ability to update the printer’s firmware remotely. With some online tinkering, it’s possible to change the location the printer goes to for its firmware update. “So we can therefore create our own custom firmware and update anyone’s printer with a Trojan image which spies on the documents being printed or is used as a gateway into their network,” said Jordon.
Getting Doom running on the printer through custom firmware wasn’t straightforward. Even after four months of working on the project in his spare time, Jordon told the BBC that “the colour palette is still not quite right.”
The Canon Doom project isn’t going to progress any further, either, as Jordon’s had enough. “I’m so sick of it,” he said. “I’m done.”
Fun aside, Jordon’s Doom hack exposed a potentially widespread security weakness, with Context estimating that there are at least 2000 vulnerable models connected directly to the Internet. Canon is now working to add a user name and password feature to its Pixma web interface for existing affected products and will make this standard in the future.
Context recommends that you “do not put your wireless printers on the Internet.”