Did You Reset Your Canon Printer Before Selling It? Apparently, It’s Not Enough

  • Canon cautioned its users of a security issue in almost 200 models.
  • The bug can expose network details such as password, network SSID, MAC address, network type (WPA2/3, etc.), IP address, and more.
  • Read on to learn how to fix it.

This week, Canon flagged security risks from a flaw in some of its inkjet printers. The Japanese company warned that WiFi connection settings stored in said printers remain undeleted even if the user factory resets the devices.

Sensitive WiFi connection settings could potentially breach user privacy and impact data security by exposing the WiFi network connection information if the printer memory is unwittingly harvested by anyone who uses it after resetting.

As such, users are advised to manually wipe out WiFi settings before selling the inkjet printers, handing them in for repairs, or even disposing of them to avoid accidentally exposing details such as the password, network SSID, MAC address, network type (WPA2/3, etc.), IP address, and more.

In total, 196 models are affected by the bug, including inkjet, business inkjet, and large-format inkjet printer models belonging to the E, G, GX, iB, iP, MB, MG, MX, PRO, TR, TS, and XK series. Find the list hereOpens a new window .

Using the undeleted connection details from any of these Canon printers, threat actors can infiltrate the network where the printer was originally connected, thereby accessing other connected devices and network resources.

See More: Hundreds of FCEB Devices Are Violating CISA’s Latest Directive

While network-related threats can be severe, especially in a corporate environment, Roger Grimes, data-driven defense evangelist at KnowBe4, has a contrarian opinion.

“This is pretty low risk,” Grimes told Spiceworks. “I can imagine some people not being happy that someone else has access to their wireless network, but decades of experience have shown us that unauthorized wireless access hasn’t been the huge threat we have all worried about for a long time.”

“In fact, I have many friends who don’t secure their WiFi (at home) and don’t end up encumbering any problems. I think someone would have to think hard to come up with a supposed edge case that really was a problem,” Grimes continued.

“In this case, you’re talking about someone possibly reconnecting an old printer to an unauthorized network. And if they do, so what? What can they do? They can’t even grab print jobs out of the air. Other than it being an information event, there is very low risk.”

Nevertheless, Canon advised users to perform the following mitigation or remediation measures in the specified order:

  1. Reset all settings (Reset settings ‐> Reset all).
  2. Enable the wireless LAN.
  3. Reset all settings one more time.

For models that do not have the Reset all settings function, Canon said to do the following:

  1. Reset LAN settings.
  2. Enable the wireless LAN.
  3. Reset LAN settings one more time.

How can manufacturers implement security best practices in hardware and software design? Share your thoughts with us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to hear from you!

Image source: Shutterstock