Did you know your printer could be a gateway for hackers to access your data? I have been writing about safeguarding personal data since 2005. By now, everyone should know how to protect personal data on computers and phones—meticulously encrypting emails, using passkeys, and regularly updating software. Despite the hard work, one vulnerability often gets overlooked: the printer. Figuring out how to dispose of a printer safely can make or break online security.
New revelations about certain printers recently highlighted the unforeseen security risks lurking in our offices and homes. However, with the following tech tips from cybersecurity experts, you can combat the unexpected threat found in many printers and fortify your data against hackers.
Why Printers Pose a Security Risk
Any digital device that connects to Wi-Fi, including printers, stores data about the network on its hard drive. This is usually beneficial since it allows the printer to automatically connect to the network without requiring you to re-enter the information every time. However, Chris Pierson, CEO of the cybersecurity company BlackCloak, warns that when you sell or recycle a printer, you should delete this saved data by performing a memory wipe or factory reset. The reset prevents cybercriminals from discovering and exploiting the information on the printer.
There’s just one problem: Canon has announced a security flaw in several printers. The security flaw leaves behind the stored Wi-Fi information even after the reset process. If a hacker gains access to the printer after you sell it or throw it away, they could find these wireless settings simply by going to the Wi-Fi option in the main menu. Canon reports that this issue affects several printer models, including the E, G, GX, iB, iP, MB, MG, MX, PRO, TR, TS, and XK series.
What information is at risk?
Data about your wireless settings—including your Wi-Fi name, Internet Protocol address, and network password—could all stick around even after resetting your Canon printer. Once hackers find that information through the menu commands, they could easily log in to the Wi-Fi network and spy on your online activity, including sensitive information like your bank account login, credit card numbers, and personal photos.
Is this a problem with all printers?
BlackCloak CEO Pierson says the current notice is specific to Canon’s printers and “serves as a reminder [of the risks] to everyone with any electronic device that connects to a … network.” That includes other Wi-Fi connected printers and smart devices like Ring doorbells, refrigerators, dryers, and light bulbs.
You might be surprised by all the devices in your house that access and store your Wi-Fi settings—and consequently might leave your data vulnerable. “Wi-Fi-connected devices have proliferated, and [they include] things that we may not think of,” says Alex Hamerstone, a director at security consulting firm TrustedSec. “A lot of low-priced consumer electronics from previously unknown manufacturers have Wi-Fi access now, and I would be more worried about those.”
Steps to Safely Dispose of Printers
Before you throw away, donate, or even send your printer in for repair, you should always perform a factory reset to erase all stored information. The specific steps for a factory reset will vary depending on your printer model. Still, the reset function resides under the “General” or “Setup” setting in the main menu.
Canon printers
For Canon printers, follow these steps for a factory reset:
Go to the Setup option in the main menu.- Select Device settings > OK, then select Reset settings > OK.
- Find Reset, then choose OK.
- Select Yes to restore the printer to factory settings.
In addition, users with one of the affected Canon printers must follow these additional steps to remove their Wi-Fi data.
- In the menu, go to Reset Settings> Reset All.
- Enable the wireless LAN.
- Follow the first step again: Reset settings > Reset all.
If you have a Canon printer model that does not have the “Reset all settings” function, do this instead:
- Select Reset LAN settings.
- Enable the wireless LAN.
- Select Reset LAN settings one more time.
HP printers
For HP LaserJet Pro 4001n printers, follow these steps from HP for a factory reset:
Turn Off the Printer: Turn the printer completely turned off.- Turn On the Printer: Turn the printer back on and wait for the HP logo to appear on the screen.
- Access the Preboot Menu: As soon as the HP logo appears, press and hold the “Cancel” button (usually marked with an “X”) until the “Preboot” menu appears on the display.
- Navigate to Administrator Settings: Use the arrow buttons to navigate to “Administrator” and press the “OK” button.
- Restore Factory Settings: In the “Administrator” menu, find and select “Restore Factory Settings.” Confirm your choice when prompted. The printer will begin restoring factory settings.
- Wait for the Process to Complete: The printer will restart during this process. Wait until it fully restarts and displays the home screen.
Additional Tips for Printer Security
- Disable or limit the printer’s network connectivity, such as Wi-Fi, Bluetooth, or cloud services, if you don’t use them.
- You can also turn off the printer’s memory or hard drive to erase your data after printing.
- Enable the printer’s password, PIN, or biometric authentication to prevent anyone from accessing its data without permission.
- Keep your printer’s software up to date. Patches will close any security vulnerabilities that hackers could exploit.
- Avoid connecting your printer to public Wi-Fi, which could make it vulnerable to spyware and other security risks.
rb-
Ensuring the security of your personal data extends beyond computers and smartphones to include often-overlooked devices like printers. Following the steps outlined in this article, you can effectively decommission your printer and protect sensitive information from potential cyber threats. Stay vigilant, keep your devices updated, and always perform a factory reset before disposing of any electronic device. Secure your printer today to safeguard your data and maintain your online privacy.
Related article
Ralph Bach has been in IT for a while and has blogged from the Bach Seat about IT, careers, and anything else that has caught my attention since 2005. You can follow me on Facebook or Mastodon. Email the Bach Seat here.
In case you have not noticed the world is changing. People who know this stuff say our brains have not changed as much as our surroundings. Our brains are hardwired to keep us safe. It is called “
The CIO article offers up another legal nightmare scenario: Lacking MDM tools to block out what can and cannot be seen on a BYOD smartphone, a help desk technician notices that an employee’s device has a lot of personal apps about a health problem—and mentions his concern to the employee in the cafeteria.
MDM software advanced quickly and seemed to come up with a fix. Now companies can wipe only corporate apps from a BYOD smartphone or tablet, leaving personal apps untouched. In fact, AirWatch won’t even allow a full device wipe anymore for legal reasons. While this helps tremendously, it doesn’t completely solve the problem.
