Canon warns about bug affecting data stored on printers

The Japanese tech giant Canon is warning customers about a vulnerability that affects hundreds of its inkjet printer models.

According to a security advisory released Monday, more than 200 Canon home, office, and large format business printer models fail to properly erase Wi-Fi configuration settings during a reset.

The company didn't say if the flaw is actively being exploited, but it advised users who want to repair, lend or dispose of a printer to follow a specific process to ensure that all settings are completely erased.

The flaw could potentially allow threat actors to access data stored in the printers, including the Wi-Fi password, network type, assigned IP address and network profile, the company said.

With this data, various types of attacks are possible, such as eavesdropping on the data transmitted over Wi-Fi, altering users’ network settings and hacking the devices connected to the compromised internet network.

Canon didn’t respond to Recorded Future News’ request for comment on how it will address the issue and when the firmware will be updated.

Like any other network-connected device, printers and their associated network software are vulnerable to various types of cyberattacks. Earlier in May, Iran-based hackers exploited a recently-discovered vulnerability affecting a popular printing management software, PaperCut.

Hackers have also been known to compromise printers to remotely print ransomware notes, as seen in some attacks on colleges and universities.