Canon issues warning about Inkjets and WiFi passwords

Thaldor

Summary

While in another corner FOSS projects are complaining about the EU putting sanctions on companies not taking software security seriously, Canon proves why that is absolutely needed. Canon inkjets may leak your WiFi passwords when discarded because Canon's factory reset doesn't empty the WiFi password memory.

Quote

Sensitive information on the Wi-Fi connection settings stored in the memories of inkjet printers (home and office/large format) may not be deleted by the usual initialization process.

 

Canon's official press release includes a PDF file with the affected printers, which is a bit over 5 pages of home and office printer model families and about 2 pages of large-format printers, so we can probably generalize that it's all WiFi-enabled Canon inkjets (according to Bleeping Computer, 196 models, so it's probably simple to generalize it to all).

 

The solution seems to be to factory reset the thing, perform first time setup until enabling WiFi without giving any credentials and factory reset immediately again.

Quote
Mitigation/Remediation
When your printer may be in the hand of any third party, such as when repairing, lending or disposing the printer, take the following steps from the printer unit:
  1. Reset all settings (Reset settings ‐> Reset all)
  2. Enable the wireless LAN
  3. Reset all settings one more time

 

My thoughts

 

Really not something to lose your good night's sleep over.

When the "first time setup" wipes the WiFi password by default it pretty much means someone REALLY needs to want that WiFi password and needs to have more advanced skills and tools than your average stalking ex.

If your company has WiFi printers in the main network and doesn't have secondary credentials to access stuff and all the pretty much basic stuff that should be, then you might want to lose a couple of eyefuls of good night's sleep, not over this but generally your company's cybersecurity is kind of bad. Like at least put coffee machines, printers and all that similar stuff into its own separated network so they can't access the mission critical stuff.

 

But this is a good example of why we need governments to enforce basic cybersecurity. Factory reset should wipe any and every data there is by default, and pretty much checking that the factory reset does what it should do should be one standard device software test. But more, this is just shame on Canon for not noticing this for quite a good time; that amount of affected printers seems like an amount of printers released within 5-10 years, and no one thought to test the factory reset well during that time.

There are just too many of these pretty basic problems that shouldn't even be a thing today. Like this is the same kind of stuff as using "admin:admin" or "admin:root" as the default login for a router, and if someone doesn't want to spend the few coins it takes to make that well, they should deserve sanctions for being that greedy.

 

Sources

Canon's official press release

Bleeping Computer

Ars Technica

Welp, when our Canon printer finally dies I guess I'll just change the WiFi password.

I just want to sit back and watch the world burn. 
