In a security advisory, Canon announced that certain inkjet printers may retain Wi-Fi connection information in their memories, even after initialization, which could potentially leave them exposed to unauthorized access.
The Flaw
Canon’s warning revolves around a seemingly simple but critical oversight in the initialization process of some of its printers. Under normal circumstances, Wi-Fi connection settings should be erased from the printer’s memory during initialization. Unfortunately, this isn’t happening with some models, and it’s an issue that needs attention.
This retained information can include the network SSID, password, type of network security (e.g., WPA3, WEP), IP address, MAC address, and more.
Potential Risks
The retention of this sensitive data might allow repair technicians, temporary users, or even future buyers to access these connection details. If exploited by malicious parties, this exposure could enable unauthorized access to the printer user’s network.
Attackers could potentially leverage this unauthorized access to steal data, access shared resources, or even launch further attacks, severely compromising both privacy and security.
Affected Models
A staggering 196 inkjet, business inkjet, and large-format inject printer models across the E, G, GX, iB, iP, MB, MG, MX, PRO, TR, TS, and XK series have been identified as impacted by this issue. Canon has provided a separate document to allow users to check if their printer models are affected.
CLICK HERE for the full list of affected models.
Steps to Protect Your Privacy
Canon has offered clear instructions for owners of affected printers. If you plan to give third-party access to your printer, such as for repairs or resale, here’s what you should do:
- For Models with ‘Reset all’ function:
- Reset all settings (Reset settings -> Reset all)
- Enable the wireless LAN
- Reset all settings again
- For Models without ‘Reset all’ function:
- Reset LAN settings
- Enable the wireless LAN
- Reset LAN settings once more
Should these instructions not apply to your specific printer, Canon recommends referring to the manual that accompanied your device.
Stay Vigilant
Canon’s warning serves as an important reminder that even seemingly minor oversights in technology can lead to significant security vulnerabilities. While the tone of this alert may be concerning, it is an issue that can be addressed with careful attention to the guidelines provided.
For those who own a Canon printer, it’s advised to follow the recommended steps and maintain vigilance in safeguarding both privacy and network security. It’s a small effort that could prevent a potentially significant problem.
Secure your devices and network today with a FREE risk assessment from our expert team. Let us help you safeguard your agency’s sensitive data and prepare effectively against cyber threats. Give me a call at 646-374-1820 or email me at walter@motiva.net