Canon recently released a security advisory stating the wifi connection information do not get wiped on some of their inkjet printers during initialisation. The wifi connection information includes wifi network SSID, password, network type (such as whether it is WPA3 or WEP), assigned IP address, MAC address and network profile. The vulnerability can introduce a security risk if the printer memory is accessed by repair technicians, future buyers of the device or attackers who gain access to the printer through dumpster diving. Such information could allow attackers to gain a foothold into your network. Canon has provided a list of printers who are affected by this vulnerability. Their recommendation is to manually reset all settings in the affected printers before handing the printers to any third parties, such as for repairs, lending or disposing.
https://psirt.canon/advisory-information/cp2023-003/
https://canon.a.bigcontent.io/v1/static/affected-models_20230731_d04c0d9895124b65acd21ca68357dcdc
https://www.darkreading.com/endpoint/canon-inkjet-printers-at-risk-for-third-party-compromise-via-wi-fi
This segment was created for the It’s 5:05 podcast