from the looking-suspiciously-at-my-printer dept.
Printers have been used as an attack vector in the past. This is a new take.
Apparently, the Canon Pixma printers that sport a web interface for their users' convenience are so convenient that they forget to ask for a username and password to access it. Besides more benign settings, status reports and diagnostic functions, it is possible to perform a firmware update through this interface as well as change the DNS and proxy settings.
"So what?" you ask.
Well... Someone on your network can access the web interface and change the firmware (or print test pages en masse). But even if you don't have guests and your Pixma is not thought to be exposed to the outside world via your router, it is possible to launch a cross-site request forgery (CSRF) attack through your browser, change the DNS and/or proxy settings, and initiate a firmware update to make the router download a malicious payload.
Michael Jordon demonstrates one such not-so-malicious firmware and goes into further detail in his blog. There's also a video for the TL;DR fans that just want to see his payload.
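The checks a management interface like this needs before it accepts a DNS, proxy or firmware change, shown beside the accept-everything behaviour the summary describes. This is an added example, not code from the linked blog or from Canon's firmware; the endpoint paths, host names, secret and cookie format are assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical endpoint names; the page does not list the printer's real paths.
SENSITIVE = {"/settings/dns", "/settings/proxy", "/firmware/update"}
DEVICE_HOSTS = {"192.168.1.50", "printer.local"}  # constructed: names the device answers to
SECRET = b"per-device-random-secret"              # constructed: generate per device in practice


def csrf_token(session_id: str) -> str:
    """Token bound to the logged-in session; a foreign page cannot read or guess it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def unauthenticated_check(method, path, headers, form, sessions):
    """Behaviour described in the summary: every request is accepted."""
    return 200, "accepted"


def hardened_check(method, path, headers, form, sessions):
    """Return (status, reason) for a request to the management interface."""
    if path not in SENSITIVE:
        return 200, "accepted"
    if method != "POST":
        return 405, "state changes require POST"
    # Reject unknown Host values so a rebinding hostname cannot front the device.
    if headers.get("Host", "").split(":")[0] not in DEVICE_HOSTS:
        return 400, "unexpected Host"
    # Simplified cookie parsing: a single "sid=<id>" cookie is assumed.
    session_id = headers.get("Cookie", "").partition("sid=")[2]
    if session_id not in sessions:
        return 401, "login required"
    # Browsers send Origin on cross-site POSTs; it must name the device itself.
    origin = headers.get("Origin") or headers.get("Referer", "")
    if urlsplit(origin).hostname not in DEVICE_HOSTS:
        return 403, "cross-site request"
    if not hmac.compare_digest(form.get("csrf", ""), csrf_token(session_id)):
        return 403, "bad CSRF token"
    return 200, "accepted"
```

A request forged by another site fails at the login, Origin or token check even when the victim's browser can reach the device, while a same-origin request from a logged-in session passes.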
(Score: 4, Funny) by Horse With Stripes on Wednesday September 17 2014, @03:42PM
I can't wait for Doom to tell me that it can't continue because I'm running low on magenta ink.
(Score: 0) by Anonymous Coward on Thursday September 18 2014, @12:03AM
(Score: 5, Funny) by VLM on Wednesday September 17 2014, @03:55PM
I have to tip my hat in the direction of Michael Jordon, most former NBA athletes don't do cool stuff like p0wn printers.
In a way I'm glad the hacked firmware implements Doom, if it just displayed "PC LOAD LETTER" like the Office Space movie I'd be laughing too hard to comment.
(Score: 4, Funny) by Kromagv0 on Wednesday September 17 2014, @04:34PM
if it just displayed "PC LOAD LETTER" like the Office Space movie I'd be laughing too hard to comment.
For that I believe we would need Michael Bolton to create some firmware for it but he appears to still be working in the music industry.
T-Shirts and bumper stickers [zazzle.com] to offend someone
(Score: 3, Insightful) by Alfred on Wednesday September 17 2014, @04:58PM
With all the emphasis of air quotes I can muster...
"working"
and
"music"
(Score: 1, Offtopic) by zafiro17 on Wednesday September 17 2014, @05:57PM
Go smoke a joint and lighten up, mods. This is funny, not troll. Does anyone even remember what trolling is anymore?
Dad always thought laughter was the best medicine, which I guess is why several of us died of tuberculosis - Jack Handey
(Score: 1, Offtopic) by Alfred on Wednesday September 17 2014, @06:22PM
Thank you.
Just because I'm not a fan of Michael Bolton or whatever the music industry usually calls music doesn't mean I'm a troll. *sniff sniff*
Serious question for all: Who here would own up to being a fan of Michael Bolton? You can post as AC to reply.
(Score: 1, Funny) by Anonymous Coward on Wednesday September 17 2014, @07:15PM
Posting AC for obvious reasons
(Score: 3, Funny) by looorg on Wednesday September 17 2014, @04:36PM
Isn't the FPS going to be horrible if it has to print out frame after frame after frame?
(Score: 3, Informative) by tangomargarine on Wednesday September 17 2014, @06:14PM
Although neither the summary nor article makes it clear, it looks like when they say "run on" they mean "display the game on the printer status screen and let you play via pushing the printer buttons" (couldn't see any buttons being pressed so I'm just guessing on that front).
Had to go and watch the actual video to figure that out. Geez.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by wonkey_monkey on Wednesday September 17 2014, @05:03PM
Eww.
systemd is Roko's Basilisk
(Score: 3, Funny) by g33kgirl on Wednesday September 17 2014, @05:25PM
So Canon will fix the bugs and I can play Doom with a full colour palette instead of printing my TPS reports - thanks Canon!
(Score: 1) by dpp on Wednesday September 17 2014, @07:16PM
That's all well and good, but the important question - can it run Crysis?!
(Score: 1) by len_harms on Wednesday September 17 2014, @08:24PM
A better question is does it play spispod?