On Friday, a hacker presenting at the 44CON Information Security Conference in London picked at the vulnerability of Web-accessible devices and demonstrated how to run unsigned code on a Canon printer via its default Web interface. After describing the device's encryption as "doomed," Context Information Security consultant Michael Jordon made his point by installing and running the first-person shooting classic Doom on a stock Canon Pixma MG6450.

Sure enough, the printer's tiny menu screen can render a choppy and discolored but playable version of id Software's 1993 hit, the result of Jordon discovering that Pixma printers' Web interfaces didn't require any authentication to access. "You could print out hundreds of test pages and use up all the ink and paper, so what?" Jordon wrote in Context's blog report about the discovery, but after a little more sniffing, he found that the devices could also easily be redirected to accept any code as legitimate firmware.

A vulnerable Pixma printer's Web interface allows users to change the Web proxy settings and the DNS server. From there, an enterprising hacker can crack the device's encryption in eight steps, the final of which includes unsigned, plain-text firmware files. The hacking possibilities go far beyond enabling choppy, early '90s gaming: "We can therefore create our own custom firmware and update anyone’s printer with a Trojan image which spies on the documents being printed or is used as a gateway into their network," Jordon wrote.

Out of ink? Just type "IDDQD"

It's a solid reminder that the most seemingly innocent devices in a home or work network can become gateways to all manner of exploits, beyond the ones publicly disclosed at hacking conferences. Years ago, for example, a series of Hewlett-Packard printers were subject to their own remote-access hack, though HP denied the researchers' assertion that it could be used to set printers on fire.

The Canon exploit, meanwhile, could reach far and wide if affected users don't pay attention to upcoming firmware updates to fix the issue. Shortly before the exploit became public, Context scanned the Internet for vulnerable Pixma printers whose Web interfaces could be accessed. The group was able to log into six percent of them; by that estimate, "at least 2,000 vulnerable models" are sitting online as we speak, ready to receive Doom (or something scarier).

Jordon's post goes into less detail about the version of Doom he got running on Pixma printers; in an interview with the BBC, he clarified that the printer had a 32-bit ARM processor and 10 MB of memory, but modifying the ARM version of Doom to work required months of his spare time. As a result, he told the BBC he was "so sick of" working on the game port and would not further optimize it (sorry, printer gamers!).

Context reached out to Canon after discovering the exploit in March of this year, and the companies have been in active conversations since then. Immediately after the presentation, Canon issued a statement indicating that all affected Pixma models in the wild will receive a firmware update to add a login prompt. In the meantime, Context suggests users "not put your wireless printers on the Internet, nor any other ‘Internet of Things’ device." The security company isn't aware of any active exploits aimed at printers, "but hopefully we can increase the security of these types of devices before the bad guys start to."