Cybersecurity researchers from Canon have warned users that discarding old home, office, and large format inkjet printers, without properly deleting Wi-Fi data first, could open them up to potentially devastating cyberattacks.
The Japanese printer giant said that if a repair technician, temporary user, or a second-hand buyer gets their hands on such a device, they could access valuable information stored in the memory, such as network SSID, the password needed to access the network, network type (for example, WPA3, or WEP), assigned IP address, MAC address, network profile, and similar.
There are almost 200 inkjet, business inkjet, and large-format inkjet printers from Canon that are susceptible to this flaw. While the list is too big to share here, it includes models from the E, G, GX, iB, iP, MB, MG, MX, PRO, TR, TS, and XK series. Those who wish to learn more can find the full list on this link.
Canon said printer users need to first delete all stored Wi-Fi settings before discarding/selling the printer (or giving it to a third-party repairing service). To do that, they need to 1) Reset all settings (Reset settings > Reset all), 2) Enable the wireless LAN, 3) Reset the settings again.
The devices that don’t have the “Reset all” feature need to 1) Reset LAN settings, 2) Enable the wireless LAN, 3) Reset LAN settings again. For the models where these instructions can’t be applied, Canon suggests users look at the operation manual.
Analysis: Why does it matter?
When a business gives away Wi-Fi login data to a third party, they’re essentially giving them the keys to the kingdom. Through local Wi-Fi, a skilled threat actor can map out the entire network, identify valuable endpoints, sensitive data, and more, and then deploy malware to help them extract that data and cause serious damage. They can also drop ransomware, bringing the entire operation to a grinding halt. Other options include assimilating the devices into a botnet to be used to launch Distributed Denial of Service (DDoS) attacks or installing cryptominers that mine cryptocurrency for the attackers (and render the devices practically useless for the owners, while inflating the electricity bills).
The only downside is that the attacker needs to be in relevant proximity, in order to catch the compromised Wi-Fi network’s signal.
Such a vulnerability would also require businesses to do a background check on every potential buyer of its used equipment, because there is always a possibility that the buyer is malicious in their intent. That could prove to be expensive and time-consuming, especially for small and medium-sized businesses. Furthermore, recent research has shown that many businesses don’t dispose of old hardware the right way, opening them up to all kinds of attacks (this one included). While there are businesses out there that specialize in the proper disposal of old and outdated gear, many firms don’t use their services but rather try and dispose of the hardware themselves, risking all kinds of sensitive data getting into the wrong hands. Back in 2017, researchers from Backblaze argued that the best way to get rid of an old SSD drive was to first encrypt it, and then format it. Because, as it turns out, crooks could salvage data even from a device that was drilled through, or magnetized.
What have others said about vulnerable printers?
Printers have been vulnerable, and targeted, since their very inception, and especially since becoming a network device. Unlike the printers of old, which only connected to computers directly through a USB port, most of today’s printers are network enabled. A printer is simply another connected device. You send documents to print over Ethernet or Wi-Fi. Back in 2018, Kaspersky reported how a threat actor used Shodan, a search engine for devices, to discover roughly 800,000 vulnerable printers and then used them to print a message of support for a popular YouTuber named PewDiePie.
Two years ago, Microsoft was forced to release an out-of-band security update to patch a critical vulnerability that could enable threat actors to remotely take over vulnerable systems by exploiting weaknesses in the Windows printer service. Called PrintNightmare, the vulnerability created havoc when it was accidentally disclosed by Chinese security researchers who put out a proof-of-concept exploit thinking the vulnerability in Windows Print Spooler had already been patched by Microsoft. In mid-June of that year, PrintNightmare was updated to a critical severity vulnerability as it was discovered it could be exploited to achieve remote code execution. To make matters worse, Microsoft’s patch at the beginning of the month did not successfully resolve this issue.
Earlier this year, in April, HP warned its customers using specific LaserJet models to downgrade their firmware in anticipation of a new patch, as that was the only way to plug a hole that allowed threat actors to steal sensitive information.
Go deeper
If you want to learn more, make sure to read our in-depth guides on the best printers for small and medium-sized businesses, as well as the best firewalls. Also, make sure to check out our list of the best HP printers, or best wireless printers right now.
Via: BleepingComputer