Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi

Canon released a security advisory this week detailing concerns over risks to its inkjet printers and the sensitive information on the Wi-Fi settings stored in memory, claiming they may not be adequately deleted in its usual process.

If this vulnerability were to be exploited, it could lead to a data breach, putting users at risk and compromising the overall data security. When any of these potentially compromised printers are in the hands of third parties, there is a risk of unauthorized access that could ultimately lead to information getting in the hands of threat actors.

"There is always some risk when a third party is working on hardware, or hardware is sold or repurposed, that some sensitive data may be recovered from the device," Mike Parkin, senior technical engineer at Vulcan Cyber, wrote in an emailed statement. "Users or organizations that have the affected kit should follow the vendor guidelines to make sure the data is properly wiped."

Canon has provided a lengthy list of affected printers, as the type of information stored in each varies based on the model, and it's clear the problem is vast, with 196 different models affected. 

The company has provided recommended mitigations for what to do when a user's printer is in use by a third party: Reset all settings, enable the wireless LAN, and, finally, reset the settings once more. Canon also offered additional steps for those models that lack a "reset all settings" function. The vendor also referred customers to their respective owner's manual for specific reset instructions.