Ever felt the need to play classic games on your printer? No? Neither have we, but apparently a talented security researcher named Michael Jordan has.
Jordan, who said that the whole thing took him around 4 months to get running, has managed to hack a wireless Canon Pixma printer and get it to successfully run iD’s classic old-school FPS Doom.
The project was meant to demonstrate the various security issues present in the devices that form what people call the “internet of things”.
Most modern printers nowadays, including Canon’s Pixma range, can be accessed through the internet, so users can see the printer’s status and pending documents as well as avoid the need for all those fussy and annoying cables. Mr Jordan, who works in the information security business, thought that Canon had done a shoddy job of securing this method of monitoring your printer through the internet.
“The web interface has no user name or password on it,” he said.
What this means is that anyone could look at the status of anyone’s device once they found it.
“A check via the Shodan search engine suggests there are thousands of potentially vulnerable Pixma printers already discoverable online”, he continues. “There is no evidence that anyone is attacking printers via the route.”
Initially this remote access feature doesn’t really seem like a problem; and it wouldn’t be, if it wasn’t possible to update the printer’s firmware (the software that controls the printer) through this same interface.
Although the firmware was encrypted, research revealed that it was actually possible to crack this protection system and reveal the raw computer code. Reverse engineering the encryption system used by Canon also meant that if Mr Jordon wrote his own firmware the printer should accept it as legitimate. Mr Jordan decided to prove his suspicions by getting the printer to run the 1993 classic.
“The printer has a 32-bit Arm processor, 10 meg of memory and even the screen is the right size. I had all the bits, but it was a coding problem to get it all running together,” Jordan explained.
According to Jordan, the toughest problem was that the printer’s firmware didn’t have the same functions that are normally provided by an operating system (or OS) on any PC or other device Doom had previously run on – Either way he persevered. Writing the code and getting it running apparently took up months of Mr Jordon’s free time, and he finally got it to run (with a few colour palette problems) two days before he was supposed to give a speech about the work at the UK’s 44Con hacker conference.
Soon after, Jordan revealed his findings via a blog entry. Canon has said they intend “to provide a fix as quickly as is feasible”.
This will involve adding a username and password field to the web interface for future Pixma printers, and issuing an update for existing owners to add the same feature.