studentmoon.blogg.se

Canon i960 printer driver for mac







This blog post contains a description of how the encryption was broken.


See at the end of the blog for their full response.


A colleague (thanks Paul Stone) demonstrated this by making a web page that first scans the local network for vulnerable printers (using a technique called JavaScript port scanning). Once the printer’s IP address has been found, the web page sends a request to the web interface to modify the proxy configuration and trigger a firmware update. Although the printer is not actually on the Internet, this is possible because the malicious web page initiates requests from the user’s browser which is on the same network as the printer.

Context contacted Canon back in March of this year and we provided them with the information about this issue. They have informed us that future versions of the printer will have username and password authentication on the web interface.


It was not straightforward due to it needing all the operating system dependencies to be implemented in Arm without access to a debugger, or even multiplication or division. Here’s the video (sorry the colours aren't perfect):

But would anyone put their printer’s web interface on the Internet? Well, we sampled 9000 of the 32000 IPs that Shodan indicated may have a vulnerable printer. 1822 of those IPs responded and 122 we believe have a vulnerable firmware version (around 6%). We therefore estimate there are at least 2000 vulnerable models connected directly to the Internet.

Even if the printer is not directly accessible from the Internet, for example behind a NAT on a user’s home network or on an office intranet, the printer is still vulnerable to remote attack. The lack of authentication makes it vulnerable to cross-site request forgery (CSRF) attacks that modify the printer’s configuration.


For demonstration purposes I decided to get Doom running on the printer (Doom as in the classic 90s computer game).


I will go into the nuts and bolts of how I broke that later in this blog post. So we can therefore create our own custom firmware and update anyone’s printer with a Trojan image which spies on the documents being printed or is used as a gateway into their network.


This interface does not require user authentication allowing anyone to connect to the interface. At first glance the functionality seems to be relatively benign, you could print out hundreds of test pages and use up all the ink and paper, so what? The issue is with the firmware update process. While you can trigger a firmware update you can also change the web proxy settings and the DNS server. If you can change these then you can redirect where the printer goes to check for a new firmware.

So what protection does Canon use to prevent a malicious person from providing a malicious firmware? In a nutshell - nothing, there is no signing (the correct way to do it) but it does have very weak encryption.







