Canon warned users that sensitive information on the Wi-Fi connection settings stored in the memories of home, office and large format inkjet printers may not be deleted by the usual initialization process.
The large printer vendor posted in an advisory Monday that when a third-party takes control of a printer, such as when repairing, lending, selling or disposing the device, a user’s information may get exposed and potentially vulnerable to a wide range of malicious activities.
Canon provided the following instructions to mitigate the issue by wiping Wi-FI settings:
- Reset all settings (Reset settings ‐> Reset all).
- Enable the wireless LAN.
- Reset all settings one more time.
For models that do not have the ‘Reset all’ function in the settings menu, Canon said users can follow the following procedure:
- Reset LAN settings.
- Enable the wireless LAN.
- Reset LAN settings one more time.
Canon also posted a full list of the affected models, which included 142 inkjet and business inkjet printers and 54 large format printer models.
Peripheral devices are attack vectors
While much of the reporting on this news focused on consumers, given all the organizations that have not fully returned back to the office following the pandemic, analysts said security teams still managing remote workers should pay attention to the advisory.
Many security teams overlook that peripheral devices are an attack vector, said Timothy Morris, chief security advisor at Tanium. Morris said devices on the same network segment are susceptible to cyber threats and prime for reconnaissance and data theft.
“In the post-covid remote worker environment, printers present a challenge,” said Morris. “It’s important that those devices be segmented where possible. Security teams need to educate users, both in the office and those who continue to work from home, and offer configurations that will reduce the risk. Those include complete network segmentation where a printer is not required for their daily tasks and split-tunneling where it’s necessary to use a printer. Risk can be further mitigated using personal firewall rules on the user’s workstation and/or an allow list on the printers.”
John Gallagher, vice president of Viakoo Labs, added that IoT devices such as printers, routers, and IP cameras often have confidential information stored in them and suffer from lax security. Gallagher added that many home routers use default login credentials, and many home users as well as enterprises take a “set it and forget it” approach to IoT security.
“While most threat actors are after bigger fish than the traditional home user, the number of remote workers and mixing of home and business systems are a path for data exfiltration and other exploits launched from vulnerable IoT devices in the home,” said Gallagher. “Organizations should up their training of home workers to include IoT security training, and in the case of workers with access to highly sensitive data find ways to restrict access to only company-provisioned systems. Organizations should also encourage — and fund — additional layers of security for home workers, including router-level firewalls and comprehensive threat detection and remediation solutions.”
