This news will more than confirm the concerns raised by many users and security experts about the security of IP-enabled devices such as routers, modems, printers and even cameras. Context published its findings on its blog under the unsurprising heading ‘Hacking Canon Pixma Printers – Doomed Encryption’. The researchers gained complete access to the Canon Pixma printer at an unknown location and were also able to use up ink by printing test pages via the web interface. Further, they claimed they could easily have installed Trojan malware to spy on documents being printed.
Context presented the PoC of the techniques used to compromise the printer, and potentially establish a gateway into the printer’s network, at the security conference 44Con in London, which concluded yesterday. The Context team has previously hacked into other internet-connected products, including a smart light bulb, an IP camera and a network-attached storage (NAS) device, raising concerns about IoT security. The IoT flaw is real and dangerous, and cyber criminals can use devices such as these to commit crimes against individuals and organisations.
“This latest example further demonstrates the insecurities posed by the emerging internet of things as suppliers rush to connect their devices,” said Mike Jordon, head of research at Context. What made it really easy, according to Jordon: “The printer’s web interface did not require user authentication, allowing anyone to connect to it. But the real issue is with the firmware update process.” Jordon explained that by triggering a firmware update, attackers can also change the web proxy settings and the DNS server. “If you can change these, then you can redirect where the printer goes to check for a new firmware update and install custom code – in our case a copy of Doom,” he said.
Context stated on its blog that it had sampled 9,000 of the 32,000 IPs that the website Shodan indicated may have a vulnerable printer. Of these IPs, 1,822 responded, and 122 (around 6%) indicated that they may have a firmware version that could be compromised. “Even if the printer is not connected directly to the internet behind a NAT [network address translation] on a user’s home network or on an office intranet, for example, it is still vulnerable to remote attack,” said Jordon. The lack of authentication also makes the printer vulnerable to cross-site request forgery (CSRF) attacks that modify the printer’s configuration.
Context contacted Canon in March 2014 and provided the supplier with information about this issue. The printer manufacturer responded by saying it would provide a fix as quickly as possible. You can see the entire Proof of Concept on their blog here or watch the PoC video here.