Hundreds of Canon Inkjet Printer Models Can Leak Wi-Fi Connection Config
Take action: With Canon Printers Leaking Wifi Data, sending them out for servicing becomes a security problem. Canon has provided a "Kill it with fire" mitigation process, and it's good for all IT teams to be educated in this process. Or just connect the printer using a wired network and wipe the Wifi config. Wipe it twice.
Learn More
Canon issued a warning about a critical security flaw in more than 200 of its inkjet printer models. The vulnerability lies in the printers' failure to properly erase Wi-Fi configuration settings, putting both home and office printer series at risk.
The problem arises when printer owners need to send their devices for repair or dispose of them. In such cases, they are advised to delete the Wi-Fi settings from the printer's memory so any potential malicious actor having access to the printer can't glean the WiFI configuration.
However, due to the flaw, the impacted printer models do not adequately erase this information, leaving it accessible to potential malicious actors.
This means that unauthorized third parties could extract the stored Wi-Fi connection settings, sell it or perform unauthorized access to internal networks, which can lead to severe security breaches and data leaks.
To mitigate the risk of information exposure, Canon recommends a specific reset procedure for the affected printers:
- Users are advised to perform a full reset of all settings,
- then enable the wireless LAN,
- finally, reset all settings once more.
- For certain models that lack the "reset all settings" function, users should reset LAN settings, enable wireless LAN, and then perform a second reset of those settings.
As of now, it remains unclear whether Canon will release firmware updates to address this security flaw.
