posted by janrinok on Wednesday September 17 2014, @03:41PM
from the looking-suspiciously-at-my-printer dept.

Printers have been used as an attack vector in the past. This is a new take.

Apparently, the Canon Pixma printers that sport a web interface for their users' convenience are so convenient that they forget to ask for a username and password before granting access to it. Besides more benign settings, status reports and diagnostic functions, this interface also allows performing a firmware update and changing the DNS and proxy settings.

"So what" you ask?

Well... someone on your network can access the web interface and change the firmware (or print test pages en masse), but even if you don't have guests and your Pixma is thought not to be exposed to the outside world through your router, it is possible to launch a cross-site request forgery (CSRF) attack through your browser, change the DNS and/or proxy settings and initiate a firmware update to make the router download a malicious payload.

Michael Jordon demonstrates one such not-so-malicious firmware and goes into further detail in his blog. There's also a video for the TL;DR fans that just want to see his payload.
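As an added illustration (not code from the article or from Michael Jordon's research), here is a small Python model of the two problems the summary describes: a settings handler that asks for no credentials at all, beside a hypothetical hardened version that requires a login session, checks the browser's Origin header and demands an anti-CSRF token bound to that session. The `/settings` path, the `printer.local` hostname, the password and the starting DNS value are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Request:
    path: str
    params: dict                                  # form fields
    cookies: dict = field(default_factory=dict)   # attached by the browser automatically
    origin: str = ""                              # Origin header; a cross-site POST carries the attacker's site

@dataclass
class Printer:
    dns: str = "192.0.2.53"   # constructed default, not a real Pixma value

def vulnerable_handle(printer, req):
    """Models the summary: the web UI applies settings without any authentication."""
    if req.path == "/settings" and "dns" in req.params:
        printer.dns = req.params["dns"]
        return True
    return False

class HardenedUI:
    """Hypothetical fixed handler: login session, Origin check and anti-CSRF token."""
    OWN_ORIGIN = "http://printer.local"   # assumed address of the printer's own web UI

    def __init__(self, printer, password):
        self.printer, self.password = printer, password
        self.sessions = {}   # session id -> CSRF token bound to that session

    def login(self, password):
        if not hmac.compare_digest(password, self.password):
            return None
        sid, token = secrets.token_hex(16), secrets.token_hex(16)
        self.sessions[sid] = token
        return sid, token   # sid becomes the cookie; token is embedded in the settings form

    def handle(self, req):
        token = self.sessions.get(req.cookies.get("sid"))
        if token is None:
            return False   # no login session: anonymous LAN users get nothing
        if req.origin and req.origin != self.OWN_ORIGIN:
            return False   # browser reported a foreign Origin: the CSRF tell-tale
        if not hmac.compare_digest(req.params.get("csrf", ""), token):
            return False   # a third-party page cannot read the token to forge the form
        if req.path == "/settings" and "dns" in req.params:
            self.printer.dns = req.params["dns"]
            return True
        return False
```

The forged request in the hardened model fails even when the victim's browser helpfully attaches the session cookie, which is exactly the case the summary warns about.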

  • (Score: 4, Funny) by Horse With Stripes on Wednesday September 17 2014, @03:42PM

    by Horse With Stripes (577) on Wednesday September 17 2014, @03:42PM (#94588)

    I can't wait for Doom to tell me that it can't continue because I'm running low on magenta ink.

    • (Score: 0) by Anonymous Coward on Thursday September 18 2014, @12:03AM

      by Anonymous Coward on Thursday September 18 2014, @12:03AM (#94734)

      iddqd

      Magenta cartridge installed correctly, 999 % remaining.

  • (Score: 5, Funny) by VLM on Wednesday September 17 2014, @03:55PM

    by VLM (445) on Wednesday September 17 2014, @03:55PM (#94596)

    I have to tip my hat in the direction of Michael Jordon, most former nba athletes don't do cool stuff like p0wn printers.

    In a way I'm glad the hacked firmware implements doom, if it just displayed "PC LOAD LETTER" like the office space movie I'd be laughing too hard to comment.

    • (Score: 4, Funny) by Kromagv0 on Wednesday September 17 2014, @04:34PM

      by Kromagv0 (1825) on Wednesday September 17 2014, @04:34PM (#94607) Homepage

      if it just displayed "PC LOAD LETTER" like the office space movie I'd be laughing too hard to comment.

      For that I believe we would need Michael Bolton to create some firmware for it but he appears to still be working in the music industry.

      --
      T-Shirts and bumper stickers [zazzle.com] to offend someone
      • (Score: 3, Insightful) by Alfred on Wednesday September 17 2014, @04:58PM

        by Alfred (4006) on Wednesday September 17 2014, @04:58PM (#94615) Journal

        With all the emphasis of air quotes I can muster...

        "working"

        and

        "music"

        • (Score: 1, Offtopic) by zafiro17 on Wednesday September 17 2014, @05:57PM

          by zafiro17 (234) on Wednesday September 17 2014, @05:57PM (#94626) Homepage

          Go smoke a joint and lighten up, mods. This is funny, not troll. Does anyone even remember what trolling is anymore?

          --
          Dad always thought laughter was the best medicine, which I guess is why several of us died of tuberculosis - Jack Handey
          • (Score: 1, Offtopic) by Alfred on Wednesday September 17 2014, @06:22PM

            by Alfred (4006) on Wednesday September 17 2014, @06:22PM (#94638) Journal

            Thank you.
            Just because I'm not a fan of Michael Bolton or whatever the music industry usually calls music doesn't mean I'm a troll. *sniff sniff*
            Serious question for all: Who here would own up to being a fan of Michael Bolton? You can post as AC to reply.

            • (Score: 1, Funny) by Anonymous Coward on Wednesday September 17 2014, @07:15PM

              by Anonymous Coward on Wednesday September 17 2014, @07:15PM (#94660)
              I celebrate the guy's entire catalog.

              Posting AC for obvious reasons
  • (Score: 3, Funny) by looorg on Wednesday September 17 2014, @04:36PM

    by looorg (578) on Wednesday September 17 2014, @04:36PM (#94608)

    Isn't the FPS going to be horrible if it has to print out frame after frame after frame?

    • (Score: 3, Informative) by tangomargarine on Wednesday September 17 2014, @06:14PM

      by tangomargarine (667) on Wednesday September 17 2014, @06:14PM (#94635)

      Although neither the summary nor article makes it clear, it looks like when they say "run on" they mean "display the game on the printer status screen and let you play via pushing the printer buttons" (couldn't see any buttons being pressed so I'm just guessing on that front).

      Had to go and watch the actual video to figure that out. Geez.

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 2) by wonkey_monkey on Wednesday September 17 2014, @05:03PM

    by wonkey_monkey (279) on Wednesday September 17 2014, @05:03PM (#94618) Homepage

    There's also a video for the TL;DR fans that just want to see his payload.

    Eww.

    --
    systemd is Roko's Basilisk
  • (Score: 3, Funny) by g33kgirl on Wednesday September 17 2014, @05:25PM

    by g33kgirl (4707) on Wednesday September 17 2014, @05:25PM (#94622)
    The bbc [bbc.co.uk] is carrying this:

    "The colour palette is still not quite right," he said. "But it proves the point and it runs quite quickly, though it's not optimised." ... On a blog entry [contextis.co.uk] about Mr Jordon's work, Canon said it intended "to provide a fix as quickly as is feasible".

    So canon will fix the bugs and I can play Doom with a full colour palette instead of printing my TPS reports - thanks Canon!

  • (Score: 1) by dpp on Wednesday September 17 2014, @07:16PM

    by dpp (3579) on Wednesday September 17 2014, @07:16PM (#94661)

    That's all well and good, but the important question - can it run Crysis?!

    • (Score: 1) by len_harms on Wednesday September 17 2014, @08:24PM

      by len_harms (1904) on Wednesday September 17 2014, @08:24PM (#94674) Journal

      A better question is does it play spispod?