first_imgGeeks love Doom. They love it so much that they’ll try to hack just about anything to get id Software’s ground-breaking FPS to run on it. Doom %displayPrice% at %seller% has wound up on some pretty interesting hardware before, like an ATM… and now it’s running on a Canon Pixma $246.99 at Amazon printer.Michael Jordon (that’s Jordon, he’s not the former Bulls star and Hanes underwear spokesman) recently discovered a gaping security hole in a number of Canon’s consumer inkjet printers. The flaw? The printers’ web configuration interface isn’t secured by a username or password — let alone both — by default.Rather than just uncovering the rather obvious flaw and forcing the compromised printer to spew out page after page of “All work and no play makes Jack a dull boy,” or displaying memes on its tiny LCD screen, Jordon decided to get really ambitious.He noticed a second glaring problem: Pixma firmware updates apparently don’t have to be signed. With credential-free access to the web configuration page, Jordon figured that he could pretty easily trick the printer into installing bogus firmware. All it took was a quick modification of the printer’s DNS server IP and he was ready to serve up his payload.Fortunately, it’s just an imperfect port of Doom that Jordon pushed to the printer. It could just as easily been a data-stealing Trojan, though, and that’s obviously a major problem. A quick survey of 9,000 devices using Shodan’s web-based discovery service found 122 vulnerable printers — which Jordon believes means that there are around 2,000 vulnerable Pixma printer models out there.Canon says they’re taking Jordon’s report very seriously. They haven’t specified when a fix is coming, but they’re going to patch the hole. Until they do, make sure your wireless network is properly locked down — or your printer could be doomed in an entirely different way.last_img