Canon has issued a warning to users of its inkjet printers, both for home, office, and large format use, as a significant security flaw has been identified. During initialization, the printers fail to wipe Wi-Fi connection settings from their memories, posing a privacy risk.
This oversight allows unauthorized access to sensitive data by repair technicians, temporary users, or future buyers, as they can retrieve the connection details for the printer’s Wi-Fi network.
The stored data in Canon printers includes critical information such as the network SSID, password, network type, IP address, MAC address, and network profile. Exploitation of this sensitive Wi-Fi connection information could enable malicious third parties to gain unauthorized access to a user’s network, leading to potential data theft and privacy breaches.
Canon lists 196 impacted printer models, spanning inkjet, business inkjet, and large-format inject printer models, urging users to take immediate action to mitigate the risk.
Canon advises impacted users to wipe their Wi-Fi settings before allowing third-party access to the printer, especially during device repairs or transfers. They provide step-by-step instructions on how to reset settings and enable the wireless LAN. For models lacking the ‘Reset all’ function, users should follow alternative steps provided in the operation manual.
Additionally, Canon recommends isolating printers on separate networks from valuable assets to thwart attackers from gaining access even if the network becomes compromised. Lastly, users should promptly apply available firmware updates and disable unnecessary services like cloud printing or remote management interfaces to bolster their printer’s security against potential attacks.
