Security Company Easily Hacks Canon's New Pixma Printers

Toner News Mobile Forums Toner News Main Forums Security Company Easily Hacks Canon's New Pixma Printers

Date: Monday September 15, 2014 11:24:46 am
Viewing 1 post (of 1 total)
  • Author
    Posts

  • Anonymous
    Inactive

    Security Company Easily Hacks Canon's New Pixma Printers
    By Dave Neal


    CONTEXT SECURITY has hacked a Canon Pixma printer, modified it's firmware and run a game of Doom on it.

    As well as killing aliens with BFGs, the white hat hackers were able to use up ink, as we've all done, by printing out hundreds of documents. They could also, if they had wanted to, have installed a Trojan on the machine that could have read any document that passed through it.
    http://limcorp.net/images/2010/canon-pixma-printers-movie-printing/canon-pixma-printers.jpg

    Context Security said that all this should cause concerns about the security of the Internet of Things. The attack was shown off at a security event called 44Con in London this morning by Context head of security Mike Jordon.

    "This latest example further demonstrates the insecurities posed by the emerging Internet of Things as vendors rush to connect their devices," said Jordon.

    "The printer's web interface did not require user authentication, allowing anyone to connect to it. But the real issue is with the firmware update process. If you can trigger a firmware update you can also change the web proxy settings and the DNS server; and if you can change these then you can redirect where the printer goes to check for a new firmware update and install custom code – in our case a copy of Doom."
    http://cdn0.mos.techradar.futurecdn.net//art/printers_and_scanners/Canon/Canon%20Pixma%20Pro%201/canon-pixma-pro1-inks-580-90.jpg

    Context has already told Canon about this. In a statement, the hardware firm thanked Context.

    "We thank Context for bringing this issue to our attention; we take any potential security vulnerability very seriously. At Canon we work hard at securing all of our products, however with diverse and ever-changing security threats we welcome input from others to ensure our customers are as well protected as possible. We intend to provide a fix as quickly as is feasible," Canon said.

    Canon added that the Pixma web interface will requre a username and password for logging on, from now on. "This action will resolve the issue uncovered by Context," it added.

    Context is hammering on a number of Internet of Things devices including lightbulbs, children's toys and a NAS. It has advised, and this might a bit be hard to swallow, that Internet of Things devices should not be connected to the internet.
    http://www.letsgodigital.org/images/artikelen/6/Canon-Pixma-logo.jpg

Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.