Doom made to run on Canon printer to demonstrate wireless security flaw

doom

Sometimes, the only way to attract attention to dire warnings about weaknesses in a particular system is to exploit them in a way that can't be ignored. That's what drove Michael Jordon of Context Information Security to make Doom run on a Canon Pixma printer; not because it's cool (although it clearly is) but to demonstrate the inherent insecurities in Canon's wireless printers.

The colors in the brief gameplay video posted by YouTube user SteveHOCP are wonky (and the music has obviously been added after the fact), but there's no question about it: This is Doom, id Software's greatest creation, running on a printer. It's a remarkable demonstration of how far technology has come over the past two decades, but the actual point was to demonstrate something else entirely: The web interface on Pixma wireless printers doesn't require user authentication in order to connect, which doesn't seem all that particularly terrible until you start looking at the firmware update process.

"While you can trigger a firmware update you can also change the web proxy settings and the DNS server. If you can change these then you can redirect where the printer goes to check for a new firmware," Jordon wrote . "So what protection does Canon use to prevent a malicious person from providing a malicious firmware? In a nutshell - nothing, there is no signing (the correct way to do it) but it does have very weak encryption."

Things get awfully technical at that point but the condensed version is that a determined individual could create a custom firmware and update a printer to make it do pretty much anything within the capabilities of the hardware. "For demonstration purposes I decided to get Doom running on the printer," he wrote. "It was not straightforward due to it needing all the operating system dependences to be implemented in Arm without access to a debugger, or even multiplication or division." But it was doable.

"If you can run Doom on a printer, you can do a lot more nasty things," Jordon told the Guardian . "In a corporate environment, it would be a good place to be. Who suspects printers?"

Canon said in a statement that it intends to issue a fix "as quickly as is feasible."

Andy Chalk
US News Lead

Andy has been gaming on PCs from the very beginning, starting as a youngster with text adventures and primitive action games on a cassette-based TRS80. From there he graduated to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, learned how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. He began writing videogame news in 2007 for The Escapist and somehow managed to avoid getting fired until 2014, when he joined the storied ranks of PC Gamer. He covers all aspects of the industry, from new game announcements and patch notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.

Latest in FPS
Fragpunk FPS
Fragpunk review
Battlefield 1
The best Battlefield game of the last decade is 95% off until Thursday
Grab the brilliant Doom 2016 for its lowest price ever
Rainbow Six Siege year 9 season 2 key art - two Rainbow Six Siege operators facing each other
'Siege 2 was never on the table': Rainbow Six Siege X director explains why the 10-year-old FPS doesn't need a sequel
rainbow six siege sledge
After holding out for 10 years, Rainbow Six Siege is finally going free-to-play (kind of)
rainbow six siege x dual front mode
Rainbow Six Siege is getting its first permanent mode in 10 years, and it throws every Siege rule out the window
Latest in News
Crying laughing emoji with disturbing realistic elements for REPO
REPO's first update will add a new map and a 'duck bucket' so we can finally give that pesky quacker a time out
Man facing camera
The Day Before studio reportedly sues Russian website for calling infamous disaster-game a 'scam'
Will Poulter holding a CD ROM
'What are most games about? Killing': Black Mirror Season 7 includes a follow-up to 2018 interactive film Bandersnatch
Casper Van Dien in Starship Troopers
Sony, which is making a Helldivers 2 movie, is also making a new Starship Troopers movie, but it's not based on the Starship Troopers movie we already have
Assassin's Creed meets PUBG
Ubisoft is reportedly talking to Tencent about creating a new business entity to manage Assassin's Creed and other big games
Resident Evil Village - Lady Dimitrescu
'It really truly changed my life in every possible way': Lady Dimitrescu actor says her Resident Evil Village role was just as transformative for her as it was for roughly half the internet in 2021