This interface does not require user authentication, allowing anyone to connect to the interface. At first glance the functionality seems to be relatively benign: you could print out hundreds of test pages and use up all the ink and paper, so what? The issue is with the firmware update process. While you can trigger a firmware update, you can also change the web proxy settings and the DNS server. If you can change these then you can redirect where the printer goes to check for a new firmware. So what protection does Canon use to prevent a malicious person from providing a malicious firmware? In a nutshell: nothing. There is no signing (the correct way to do it), but it does have very weak encryption. I will go into the nuts and bolts of how I broke that later in this blog post. So we can therefore create our own custom firmware and update anyone’s printer with a Trojan image which spies on the documents being printed or is used as a gateway into their network.

For demonstration purposes I decided to get Doom running on the printer (Doom as in the classic 90s computer game). It was not straightforward due to it needing all the operating system dependencies to be implemented in Arm without access to a debugger, or even multiplication or division. Here’s the video (sorry the colours aren't perfect):

But would anyone put their printer’s web interface on the Internet? Well, we sampled 9000 of the 32000 IPs that Shodan indicated may have a vulnerable printer. 1822 of those IPs responded and 122 we believe have a vulnerable firmware version (around 6%). We therefore estimate there are at least 2000 vulnerable models connected directly to the Internet.

Even if the printer is not directly accessible from the Internet, for example behind a NAT on a user’s home network or on an office intranet, the printer is still vulnerable to remote attack. The lack of authentication makes it vulnerable to cross-site request forgery (CSRF) attacks that modify the printer’s configuration.
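
The two controls the interface lacks, authentication and CSRF protection on configuration changes, sketched as an added example that is not from the original post or from Canon's firmware. The function names, the `sid` cookie, the `csrf_token` form field and the addresses are assumptions made for illustration.

```python
import hashlib, hmac, secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)      # per-boot secret (assumption)
DEVICE_ORIGIN = "http://192.168.1.50"     # constructed printer address
SESSIONS = {"abc123"}                     # constructed logged-in admin session

def csrf_token_for(sid):
    """Token bound to one session; a foreign page cannot read or derive it."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()

def parse_cookie(header):
    return dict(p.strip().split("=", 1) for p in header.split(";") if "=" in p)

def check_config_request(method, headers, form):
    """Gate a settings change (DNS server, web proxy, firmware-update trigger)."""
    if method != "POST":
        return 405, "state changes must not be reachable via GET"
    # 1. Authentication: without it, anything that can reach the port
    #    can reconfigure the device.
    sid = parse_cookie(headers.get("Cookie", "")).get("sid")
    if sid not in SESSIONS:
        return 401, "no valid admin session"
    # 2. Origin check: browsers attach cookies to cross-site form posts,
    #    so a session alone does not stop CSRF.
    parts = urlsplit(headers.get("Origin") or headers.get("Referer", ""))
    if f"{parts.scheme}://{parts.netloc}" != DEVICE_ORIGIN:
        return 403, "cross-origin request"
    # 3. Per-session token, compared in constant time.
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, csrf_token_for(sid).encode()):
        return 403, "missing or wrong CSRF token"
    return 200, "ok"

def demo():
    """Constructed requests: three forged, then one legitimate."""
    form = {"dns_server": "203.0.113.9"}
    cookie = {"Cookie": "sid=abc123"}
    cases = [
        ("POST", {"Origin": "http://attacker.example"}, form),
        ("POST", {**cookie, "Origin": "http://attacker.example"}, form),
        ("POST", {**cookie, "Origin": DEVICE_ORIGIN}, form),
        ("POST", {**cookie, "Origin": DEVICE_ORIGIN},
         {**form, "csrf_token": csrf_token_for("abc123")}),
    ]
    return [check_config_request(*c)[0] for c in cases]

if __name__ == "__main__":
    print(demo())
```

The second case is the one that matters for a printer behind NAT: the user's own browser carries the valid session, so only the origin and token checks stop the forged change.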