October 2, 2023

Canon has warned its users that sensitive information on the Wi-Fi connection settings stored in the memories of home, office and large format inkjet printers may not be deleted by the usual initialization process.

Detailed out in an advisory, when a third-party takes control of a printer, such as when repairing, lending, selling, or disposing the device, a user’s information may get exposed and potentially vulnerable to a wide range of malicious activities. Canon provided the following instructions to mitigate the issue by wiping Wi-FI settings:

  • Reset all settings (Reset settings ‐> Reset all).
  • Enable the wireless LAN.
  • Reset all settings one more time.

For models that do not have the ‘Reset all’ function in the settings menu, Canon said users can follow the following procedure:

  • Reset LAN settings.
  • Enable the wireless LAN.
  • Reset LAN settings one more time.

The full list of the affected models, which included 142 inkjet and business inkjet printers and 54 large format printer models can be seen in this link.

While much of the reporting on this news focused on consumers, given all the organizations that have not fully returned to the office following the pandemic, analysts said security teams still managing remote workers should pay attention to the advisory, with many security teams overlook that peripheral devices are an attack vector. Devices on the same network segment are susceptible to cyber threats and prime for reconnaissance and data theft.  

Leave a Reply

%d bloggers like this: