The web-based configuration interfaces of many printers have a little security issue. They are often inadequately secured and thus also vulnerable from the outside. At first glance, the damage potential does not seem particularly threatening. An attacker could make printers inaccessible to legitimate users or waste paper and ink cartridges.
It is more dangerous if the firmware is changed from outside. Security experts from the British company Context Information Security took over Canon Pixma Printers and found that their firmware was only secured by a simple XOR encryption and had no signature. It could easily be modified and any malware can be installed.
The security researchers demonstrated this with a hack at the firmware of a Canon Pixma MG6450 and installed there the shooting game Doom, which was then easily played on the display of the printer. Only the resolution and the color scheme left something to be desired, according to the security researchers. Access to the printer was through manipulated web pages via a so-called CSRF (Cross-Site Request Forgery) attack. This means that devices that can only be reached via the intranet can also be compromised by means of a manipulated website. For this purpose, you only have to call it anywhere in the affected network.
Canon has already responded and wants to provide updates for all affected printers from the date of manufacture in mid-2013. The security experts examined a total of 9,000 IP addresses with printers that might be accessible in the network. They found 1,822 devices accessible via the Internet, 122 of which had an attackable firmware. The total number of devices that can be compromised in this way was estimated at 2,000 printers.
No comments:
Post a Comment