Your old discarded printer may be hiding security secrets – here’s what you need to do

Canon cybersecurity researchers have warned users that disposing of old home, office and large format inkjet printers without first properly removing the Wi-Fi data could expose them to potentially devastating cyber-attacks.

The Japanese printer giant said that if a repairman, transient user or second-hand buyer gets their hands on such a device, they could gain access to valuable information stored in its memory, such as the network SSID, the password required to access the network, network type (for example, WPA3 or WEP), assigned IP address, MAC address, network profile, and so on.

There are nearly 200 Canon inkjet, business inkjet and wide format inkjet printers that are susceptible to this flaw. While the list is too large to share here, it includes models from the E, G, GX, iB, iP, MB, MG, MX, PRO, TR, TS and XK series. If you want to know more, you can find the complete list at this link.

Canon said printer users should first delete all saved Wi-Fi settings before discarding/selling the printer (or giving it to an outside repair service). To do that, they have to 1) reset all settings (Reset Settings > Reset All), 2) enable the wireless LAN, 3) reset the settings again.

The devices that do not have the “Reset All” function need to 1) reset the LAN settings, 2) enable the wireless LAN, 3) reset the LAN settings again. For the models to which these instructions cannot be applied, Canon recommends that users refer to the operating instructions.

Analysis: why is it important?

When a company gives away Wi-Fi credentials to a third party, they’re essentially giving them the keys to the kingdom. Using local Wi-Fi, a skilled attacker can map the entire network, identify valuable endpoints, sensitive data, and more, then deploy malware to help them extract that data and cause serious damage. They can also drop ransomware, bringing the entire operation to a halt. Other options include assimilating the devices into a botnet used to conduct Distributed Denial of Service (DDoS) attacks or installing cryptominers that mine cryptocurrency for the attackers (and render the devices virtually useless to the owners, while inflating the electricity bill).

The only downside is that the attacker must be nearby to pick up the signal from the compromised Wi-Fi network.

Such a vulnerability also requires companies to conduct background checks on any potential purchaser of their used equipment, as there is always a possibility that the purchaser has malicious intent. This can be expensive and time-consuming, especially for small and medium-sized businesses. In addition, recent research has shown that many companies do not dispose of old hardware properly, leaving them open to all kinds of attacks (including this one). While there are companies that specialize in the proper disposal of old and obsolete equipment, many do not use their services but try to dispose of the hardware themselves, risking all kinds of sensitive data falling into the wrong hands. Back in 2017, researchers at Backblaze argued that the best way to get rid of an old SSD drive was to first encrypt and then format it because, as it turns out, crooks were even able to salvage data from a device that had been pierced or magnetized.

What have others said about vulnerable printers?

Printers have been vulnerable and targeted from the very beginning, and especially since they became network devices. Unlike the printers of yesteryear, which only connected directly to computers via a USB port, most of today’s printers are network-ready. A printer is just another connected device: you send documents to print over Ethernet or Wi-Fi. Back in 2018, Kaspersky reported how an attacker used Shodan, a device search engine, to discover about 800,000 vulnerable printers and then used them to print a statement of support for a popular YouTuber named PewDiePie.

Two years ago, Microsoft had to release an out-of-band security update to patch a critical vulnerability in the Windows printer service that allowed threat actors to remotely take over vulnerable systems. The vulnerability, dubbed PrintNightmare, caused havoc when it was accidentally disclosed by Chinese security researchers who released a proof-of-concept exploit on the assumption that the vulnerability in Windows Print Spooler had already been patched by Microsoft. In mid-June of that year, PrintNightmare was upgraded to a critical-severity vulnerability when it was discovered that it could be exploited for remote code execution. To make matters worse, Microsoft’s patch at the beginning of the month failed to resolve the issue.

Earlier this year, in April, HP warned its customers using specific LaserJet models to downgrade their firmware in anticipation of a new patch, as that was the only way to close a loophole that could allow attackers to steal sensitive information.


Via: BleepingComputer
