In a blog post for Context Information Security, Jordon explains how he was able to change the way a Canon PIXMA MG6450 printer receives software updates. This allowed him to remotely change what is displayed on the small color screen on the printer. Instead of printing test pages, Jordon chose to use the printer to run a version of the classic first-person shooter game "Doom."
While it is funny seeing a printer running Doom on its 3 inch screen, the research done by Michael Jordon shows that there's a serious flaw in the way that the Canon PIXMA printer connects to the internet. The printer doesn't require a password to access the online control panel, which could open up thousands of printers to internet attacks. One attack on the printer could involve installing software that monitors every document sent to the infected printer.
Jordon's wider point is that the world is filling up with "smart" objects and devices that form a connected "internet of things." They often don't look like computers, and they often have minimal security features guarding them against hacks.
In a statement to Context Information Security, Canon promised to fix the vulnerability in future models of the Pixma printer:
We intend to provide a fix as quickly as is feasible. All PIXMA products launching from now onwards will have a username/password added to the PIXMA web interface, and models launched from the second half of 2013 onwards will also receive this update, models launched prior to this time are unaffected. This action will resolve the issue uncovered by Context.