Vulnerabilities in Canon i-SENSYS printers: how dangerous are they really?

A group of expert security researchers, all in turn collaborators of Zero Day Initiative (Trend Micro), reported 7 vulnerability in printers Canon i-SENSYS. In Europe these are models that are part of the following series of printing devices: LBP673Cdw, MF752Cdw, MF754Cdw, C1333i, C1333iF and C1333P.

In all cases we are talking about critical security problems because they expose the owners of the printers with firmware not updated to the risk of remote code execution (RCE) or DoS attacks (Denial of Service), aimed at making the device unusable.

Canon confirmed the issues in question by providing a complete list of CVE identifiers for each issue. For all of them we are talking about a level of critical issues equal to 9.8 on a scale of 10. But is there a real risk for users who own these printers? What can happen if the firmware is not updated promptly?

Updating the firmware of Canon i-SENSYS printers is important but… the sky is NOT falling

There is an English expression widely used also and above all in the IT field to report a particularly relevant security problem, which can have an impact on a large audience of users: the sky is falling. It is an idiomatic phrase inspired by the fairy tale of Chicken Littlein which a small bird mistakenly claims that the sky is falling, causing panic among the other animals.

In the case of Canon i-SENSYS printers there is absolutely no need to raise alarms. The Japanese company itself underlines that there may be a concrete risk if and only if the printer was associated with a public IP addressreachable directly from remote hosts connected to the Internet (and therefore also by potential cyber criminals).

But who connects a printer with a public IP on the WAN port today? Who doesn’t assign these devices a local IP address downstream, at least, of a router with firewall and NAT functionality (Network Address Translation)? Even if the latter cannot and should not be considered a real security solution.

Any risks of execution of malicious code, therefore, are limited to the scope of the local network. Of course, if malicious objects capable of doing so were already present in the LAN move laterallythe flaws present in the i-SENSYS printers would perhaps be the least of the problems…

What to do to protect yourself

Anyone using a Canon i-SENSYS printer should install the latest firmware updates as soon as they are released by Canon as soon as possible.

Firmware versions 03.07 and earlier are considered vulnerable: it is therefore advisable to install the corrective patches as soon as possible.

In another article we asked ourselves whether it is really important to update the printer’s firmware: it is certainly less important, for example, than updating the firmware of a routeran access point, a firewall, a device for the Internet of Things and any other device connected directly to the Internet.

The discriminating factor is precisely this: if a product is exposed directly on the internet, we should first of all avoid exposing all its features. communication ports, limiting themselves to those strictly necessary. Exactly how you do it when managing and protecting a server. Furthermore, the fixing vulnerabilities evidently assumes essential importance.

If one or more devices are “behind” a firewall or a router, then you can move with greater peace of mind, without taking anything for granted. THE worm Blaster e Sasser of 2003-2004 spread across many systems because they were able to exploit the fact that many private users were connected directly to the network with simple modem. The absence of a Microsoft patch (not installed by users…) allowed the attackers to spread that malware very quickly worldwide and have an easy “game”.

Those times, in many ways, are distant but the vulnerability wormable they still exist, leveraging unprotected and/or outdated devices equipped with a public IP. It is precisely on those that it is essential to focus attention. But this is not the case with i-SENSYS printers, at least in the “typical” configuration.

LEAVE A REPLY

Please enter your comment!
Please enter your name here