Yea but can it run Crysis?
Infosec geniuses hack a Canon PRINTER and install DOOM
Security researchers have demonstrated a hack that allowed them to get into the web interface of a Canon Pixma printer before modifying its firmware to run the classic 90s computer game Doom. The proof-of-concept demo by security researchers at Context Information Security, which involved remotely accessing the web interface …
COMMENTS
-
-
-
-
Monday 15th September 2014 12:59 GMT stucs201
Re: can it run Crysis?
Maybe not this one, but if things carry on the way they're going then no doubt we'll eventually get printers that can. Why can this one even run Doom? I was at university when it came out, there were about a dozen computers on the entire campus that could run it playably. Just what exactly does a printer need this much processor power for?
Even ignoring that security would be less of an issue if it couldn't do anything except print (well except perhaps for printers armed with frickin lasers), we've been warned where this path of putting more processor power than needed ends - talking AI toasters that won't accept you want something else for breakfast.
-
Tuesday 16th September 2014 07:08 GMT h4rm0ny
Re: can it run Crysis?
>>"Just what exactly does a printer need this much processor power for?"
Technology has just become cheap enough that the new baseline it's not worth selling below is much higher than it used to be. The equivalent of a 486 is next to nothing. So you can get something ridiculously low power which will probably cost you as much or more because it's a minority market, and then spend time tailoring your firmware. Or you can buy a peanuts embedded system, slap a pre-built GNU/Linux binary designed for it (probably by the same people who sold you the chip) and just write your software to run on GNU/Linux - for which the expertise is much more available and half your job is done for you.
/used to work on embedded systems.
-
Friday 19th September 2014 12:51 GMT DaddyHoggy
Re: can it run Crysis?
Companies buy bulk cheap SoC cpus that be programmed to cope with a large raft of that company's embedded processing needs. If you can buy 10,000 or 100,000 of them at 10p each and they happen to have enough grunt to run something that, when it came out, would run on a 486, then that's just the way it is.
Moore's law doesn't just move the top end of the processing power along.
-
Thursday 25th September 2014 20:04 GMT Cryo
Re: can it run Crysis?
Judging by the video they provided, Printer-Doom looks more like several colors of barely recognizable noise past the splash screen, so I wouldn't exactly say that the printer can run it 'playably'. I suppose what performance is there is so that it can serve it's web interface relatively smoothly though.
-
-
-
Monday 15th September 2014 16:30 GMT Peter2
Re: I want to know
HP Laserjet 1320 desktop printers (about ten years ago) had 130MHz processors. That's about 5 times more power than most people had playing it to start with.
My network printers in use now have 500MHz processors. I do occasionally wonder why they need this level of power, but presumably this comes about because it's cheaper to buy and integrate a cheap mobile phone processor than to create a fab to knock out 486 chips.
-
Tuesday 16th September 2014 12:00 GMT Tim Bates
Re: I want to know
"My network printers in use now have 500MHz processors. I do occasionally wonder why they need this level of power"
Print job processing. Especially as people expect more and more to be able to print out a full A4 high res photo in a matter of seconds from their shiny wireless gadgets.
-
Tuesday 16th September 2014 12:05 GMT drewsup
Re: A glimmer of hope
Most mfp based machines are using 1gz and up processors these days, yes they usually run a Linux variant because its free or cheap, and use most of it for image processing. It takes a fair amount of grunt to render full colour prints fast, never mind network scanning.our mid range machines run a 1.2 gz chip, 2 gb of ram and have a dual 160 gb hdd array in raid 0, this has been a standard on 50 ppm mfp's for 5 years now.
-
-
-
Monday 15th September 2014 16:59 GMT JeffyPoooh
The Acme Decision Inverter
"...plant a trojan on the printer..."
Corporations with poor decision making skills could have their board room printer hacked. Any document entitled "Minutes" could have the word "not" inserted and/or removed where required to reverse the sense of all formal decisions. Thus all corporate decisions would be reversed in the hacked printer firmware used to print the Minutes. Overnight, from 95% bad decisions to 95% correct decisions. Amazing!
This one simple ~500 byte hack, applied to a few dozen printers around the world, may end the recession that has been gripping the world economy.
-
-
-
Monday 15th September 2014 12:47 GMT Anonymous Coward
Re: Frame rate
"I was expecting 3 frames-per-minute, except on really dark frames where it would be 1fpm..."
So about what we experienced when playing it on a 486SX?
Sadly, regardless of graphic detail, no subsequent game has ever re-created the frisson of genuine fear that I sometimes felt when playing the original Doom.
-
Monday 15th September 2014 21:34 GMT Martin-73
Re: Frame rate
It can still do it now (yes I play occasionally, there is still an active community developing custom WAD files).
You think you've dealt with everything, are wandering around picking up bonuses and ammo peacefully.... and suddenly there's a baron of hell roaring in your face.
-
-
-
Monday 15th September 2014 09:46 GMT Caesarius
Do not blaspheme against the mighty XOR
Don't blame the XOR. If I were to use a one-time pad to apply a sequence of bytes to my data using XOR, my code would be unbreakable. Therefore XOR is not a weak link. You'd have trouble managing such keys to cover unlimited data, but that isn't the XOR's fault.
You might as well say that the processor can't be expected to do much, because it's only manipulating a bag of bits using very simple operations.
-
-
-
-
Monday 15th September 2014 20:13 GMT Fatman
RE:... hey this looks like something out of a BOFH episode.
What WOULD make the BOFH proud would be able to intercept the stream from the 'print payroll job', and make some necessary changes, those that increase his pay, and those that diminish the boss' pay.
This could really stump the bean counters.
"Shit, the (payroll) numbers are right, but why do the checks came out WRONG?"
-
-
-
-
Monday 15th September 2014 12:33 GMT David L Webb
Re: Time travel?
No I think it just means that older models weren't vulnerable to this issue but that a change they made in the second half of 2013 means that any models since then are vulnerable. Hence they will be providing an update to such vulnerable models and making sure that new models are not vulnerable.
-
-
Monday 15th September 2014 13:01 GMT Anonymous IV
I thought this was a function of the printer firmware...
"The proof-of-concept demo by security researchers at Context Information Security [...] allowed them to exhaust the ink of the printer by printing out hundreds of documents."
Now it seems that my printer may have been hacked, and it wasn't just Canon's rapacious ink cartridge greed.
-
Monday 15th September 2014 15:28 GMT Christian Berger
The problem is that it doesn't require any physical presence
Changing the firmware on a device you own is a very sensible feature. This opens the road to alternative firmware images with new features. Or image that remove misfeatures like yellow dots with the serial number printed on every sheet. (some printers do that)
Maybe in the future printer manufacturers decide to print ads on their consumer printers, just like we have mobile phones displaying ads today. (maybe this will be sold as a feature against dried in print heads)
The big point is, you don't own hardware you cannot decide what software runs on it. Installing different firmware is no bug, it's a feature. And with technology becoming a bigger and bigger part of our lives, it becomes more and more important.
-
Monday 15th September 2014 17:50 GMT Al Jones
"models launched prior to this time are unaffected"
Does this mean that older Pixmas can't be hacked in this way, or that older Pixmasa are unaffected by Canons plans to release Firmware updates to address this issue, (because Canon doesn't have any plans to release firmware updates for older models)?
-
Monday 15th September 2014 18:51 GMT Anonymous Coward
About a decade ago I was hacking remote printers that were stupidly addressable from the internet. This still happens a lot in small offices. It still brings smiles to my face thinking about all those "bad' print jobs I sent..
Honestly, it's trivial to break most of them. Whether it's to change a bit of code to forward a copy of all printed / scanned documents without anyone knowing or to just updating the control panel to display pretty much whatever you want - all remotely.
-
Monday 15th September 2014 22:57 GMT Anonymous Coward
My reaction...
A) A little frustrated and scared, as another vulnerable network endpoint is found
B) This could be a great way to improve the user experience associated with the average office printer. I for one would find a user interface where you figuratively chain-sawed other user's jobs out of the queue, so you can get your stuff printed.
-
Tuesday 16th September 2014 06:12 GMT Anonymous Coward
Key Length
Simultanously, the browser developers and Key registries are conspiring to block short encryption/authentication key lengths. Which is what you still want in your made-to-a-price internet-enabled-teddy-bear.
If you want to have an encrypted/authenticated IOTs for places where it doesn't matter, you need an approriate light-weight encryption/authentication system.
-
Monday 22nd September 2014 13:59 GMT Anonymous Coward
Is the duplexer now a DOS feature?
Back in the day, if your printer didn't contain twice the RAM of any machine on your network, you were doing it wrong. Some of those postscript renders at 600dpi took up a lot of space, and more processing power always helped get through work quicker too.
Of course, the other way to DOS a printer was with an infinitely recursive PS job. Or, as the title says, turn on the duplexer which was almost guaranteed to cause a paper jam.
-
Monday 22nd September 2014 16:18 GMT Henry Wertz 1
500mhz CPUs and "internet of things"
Why 500mhz CPU? Because the 133mhz CPU was not fast enough even when the LJ 1320 was new; almost the first Google result is a review complaining how the printer just sits there whenever any complex or graphics-intensive page is sent to it, because the CPU is not fast enough to keep up with the print engine. Making the printer driver do all the work and send bands to the printer, you don't need a fast CPU, the computer's drawn everything out; using Postscript or PCL, the printer does almost all the work and you do.
Internet of Things -- I made sure to turn this "Print from wherever!!!" stuff off on the HPs I've admined. This would tunnel out to some HP web site, which I think would let you print by just knowing the printer serial number -- which I assume are issued consecutively. There didn't appear to be any way to require a password. I find it most troubling that many companies are now taking products that were meant to either run standalone, or on a LAN, and just giving them methods to bust out of a NAT and be fully online. I would venture quite a bit of these devices firmware *originally* assumed direct connection via USB or parallel port (or no connection whatsoever depending on the device), then use on a (assumed non-hostile) LAN, and so are not hardened in any way whatsoever.