Knee-deep in the Print Head
September 15, 2014 3:10 PM   Subscribe

To highlight the vulnerabilities of an unsecured web interface in Canon Pixma printers that allows the uploading of arbitrary binaries as firmware, information security consultant Michael Jordan has made a printer run Doom (video) as part of a presentation at 44Con 2014. [via]
posted by figurant (30 comments total) 9 users marked this as a favorite
 
Do security conventions give awards for best proof-of-concept?

If so, this beats the ones who disguised their smart-phone rootkit as a charging station, hands down.
posted by The Pluto Gangsta at 3:20 PM on September 15, 2014


I have three reactions: The first is "holy crap, that's a much better use for those displays than the printer manufacturers have".

The second is that I'm thinking about how I might partition my home network in a way that can detect devices moving traffic on ports they're not authorized for. I'm already moderately paranoid on that network, but something like Ubuntu's ufw firewall between individual devices on my network is seeming more and more like a good idea.

The third is wondering how I trust that device that does the routing.

At lunch today, I marveled at how the fancy presence sensing trash cans managed to get all of the particulars of user experience wrong, and how a foot pedal operated trash can would be way more useful.

Now I'm wondering what processors in my home I can get rid of and replace with mechanical processes, because even as I embrace many of the cool ways that technology is impacting my life, I'm getting this nagging feeling that the hidden down-sides run way deeper and broader than I can conceive of.

If anybody needs me, I've already ripped the computers out of the second bedroom, I'll be in the process of putting foil on the walls and turning it into a Faraday cage.
posted by straw at 3:27 PM on September 15, 2014 [7 favorites]


WARNING: You are running low on Cacodemons.
posted by benzenedream at 3:38 PM on September 15, 2014 [28 favorites]


Can someone create an arbitrary binary that will make my printer stop thinking it is out of magenta ink?
posted by jacquilynne at 4:03 PM on September 15, 2014 [15 favorites]


Man, and i thought the cool stuff like this would come out of those webOS printers.
posted by emptythought at 4:04 PM on September 15, 2014


I hope you're all locked down and ready for the Internet of Things.
posted by Nerd of the North at 4:11 PM on September 15, 2014 [3 favorites]


BFG LOAD LETTER
posted by Small Dollar at 4:13 PM on September 15, 2014 [32 favorites]


Can't wait for this to be demonstrated with implanted devices like pacemakers. "We've made your heart play 'Chopsticks!' Watch!"
posted by fifteen schnitzengruben is my limit at 4:32 PM on September 15, 2014 [5 favorites]


I hope you're all locked down and ready for the Internet of Things.

Perhaps the Internet of Things Which Should Not Be?
posted by GenjiandProust at 4:33 PM on September 15, 2014 [6 favorites]


Mad respect both to the hacker and to the OP for the title of this post.
posted by Pope Guilty at 4:38 PM on September 15, 2014 [3 favorites]


straw: if you're going full retro, check out Lehman's; it's a store for the Amish, and it's awesome. Hand-cranked blender! Washing Plunger! Wood-burning cook stoves! Oil lamps!

Party like it's 1899.
posted by leotrotsky at 4:41 PM on September 15, 2014 [7 favorites]


...
LPT0 on fire.
posted by chaosys at 4:42 PM on September 15, 2014 [2 favorites]


The hacker, the OP for the title of this post, and the comments in general. I came in here expecting to be amused, I was not disappointed.
posted by Joakim Ziegler at 4:44 PM on September 15, 2014 [2 favorites]


The third is wondering how I trust that device that does the routing.

Smoothwall. You can, with the community version, create 4 different subnetworks with rules for transactions between them.

Also, Snort IDS will let you know when your son is trying out a new portscanner on his iphone.
posted by Pogo_Fuzzybutt at 4:55 PM on September 15, 2014 [1 favorite]


Shit, I can't even get my Canon Pixma to print.
posted by louche mustachio at 4:59 PM on September 15, 2014 [1 favorite]


Shit, I can't even get my Canon Pixma to print.

Does it happen to be growling?
posted by Pope Guilty at 5:04 PM on September 15, 2014 [1 favorite]


I hate that I know enough to be worried about stuff like this but not enough to do anything useful about it.
posted by Scattercat at 5:36 PM on September 15, 2014 [2 favorites]


There's nothing wrong with this printer that I can't fix ... with my hands! DYNAMITE!

That printer must have huge guts! RIP AND TEAR!
posted by adipocere at 5:45 PM on September 15, 2014 [1 favorite]


IDBEHOLD T(oner)
posted by griphus at 5:52 PM on September 15, 2014


Printer?
posted by spitbull at 6:04 PM on September 15, 2014


They are popular in offices
posted by thelonius at 6:14 PM on September 15, 2014 [1 favorite]


My immediate question was whether he had to tweak his autoexec.bat or config.sys to make this happen.
posted by middleclasstool at 6:50 PM on September 15, 2014 [3 favorites]


When I first read this I was imagining the printer actually printing out DOOM frame by frame.
posted by ropeladder at 7:56 PM on September 15, 2014 [7 favorites]


middleclasstool: Don't forget himem.sys.
posted by ODiV at 8:08 PM on September 15, 2014 [1 favorite]


The attack as described relies on an XSS hack to make the printer download the malware payload from a server on the internet. (I presume when they talk about making it use a proxy, they mean a remote proxy, not a compromised computer within your network, because if they can do that you're screwed a thousand ways already.) It can be thwarted by router firewall rules that prevent your printer from reaching the internet. With a decent ordinary router you should be able to assign the printer a static address within a specific range and then block that range.

If at any time you legitimately want to update the firmware, just temporarily drop the rule, go to the panel, check the network settings have not been compromised and do it right there.
posted by George_Spiggott at 8:12 PM on September 15, 2014 [1 favorite]


Speaking of the Internet of Things - radios that passively power themselves off of the signals they're receiving:
This Internet of Things radio is the size of an ant
The radios, which don't require batteries, can execute commands quickly.
posted by XMLicious at 8:21 PM on September 15, 2014


The radios, which don't require batteries

To go with your self powered switch!


Alternatively, the Twenties called and want their technology back
posted by Nonsteroidal Anti-Inflammatory Drug at 10:10 PM on September 15, 2014


Can some forward-thinking country please start mandating mandatory hardware off switches for all wireless cards, microphones, and video cameras?
posted by benzenedream at 11:46 PM on September 15, 2014


Great. Where can I find examples of all-in-one printers that aren't security risks?
posted by koucha at 7:45 AM on September 17, 2014


koucha, the problem with the complexity of modern networking technology is that there are no all-in-one printers that aren't security risks. And, in fact, there can't be. But I think there's a larger problem here...

This last week, I got involved in an evolving distributed web API spec. This is something that's got the sign-on of people who developed web standards that you use every day. I pointed out that this spec fell prey to certain DDOS exploits, and from everybody involved got a "well, it's not a problem yet, we'll deal with it when it becomes an issue".

It took me a week to get people to run a simple two word Google search which pointed out that although it wasn't a huge problem in this specific case yet, it was a huge problem that's currently using up thousands of hours of people effort across the globe to try to mitigate it.

In essence, the attitude in the industry as a whole is "well, the grizzly bears haven't attacked my camp yet, but when they do I'll just put a padlock on my tent."

And the overwhelming complexity introduced by various programming frameworks written by people who couldn't be bothered to understand the basic protocols to begin with (for people who can't be bothered to understand that there was an underlying protocol) means that, largely, we have an industry dedicated to building exploitable systems.
posted by straw at 10:25 AM on September 17, 2014 [2 favorites]


« Older A sliding tile puzzle and music theory all in one!   |   food IS a theme park Newer »


This thread has been archived and is closed to new comments