cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

WiFi weakness and vulnerability in wifi capable canon printers

Anonymous
Not applicable

How does a person permantently disable or physically remove the WLAN adapter in a Canon Printer?

 

 

I have a handful of printers that are connected via USB to publically accessible kiosks.  I have turned off the WIFI in the printer settings, but that is not sufficient to secure the printer.  Yes the printers are physically secured within a secure cabinent.  I find that anyone with an Bonjour or NFC enabled mobile device mearly has to place their device near the printers and the printers will automatically enable WIFI then sets up the default adhoc network with no security or authentication of any kind.  This would indicate that the printer WLAN adapter is ALWAYS active and listening for Apple devices regardless of the wireless lan settings of the printer.  I have yet to find a menu setting on the pirnter that disables NFC and/or bluetooth.  I cannot justify exposing $2,000+ printers to the public just because they have BASIC security setttngs that a retail/off the shelf printer fails to provide.

 

 

How do I prevent this behavior?

1 ACCEPTED SOLUTION

Anonymous
Not applicable

I found a work around for this behavior. The printers wanted a wireless connection so I gave them one.  I took an old Linksys WRT54G wifi router and created a decoy wireless network (802.11b) with a hidden SSID and AP isolation enabled.  The router is not connected to anything, no LAN, no WAN, nothing, just the wifi using 1 Mbps 802.11b.  This seems to prevent the printer settings from being over written on power cycle.  Why did I have to got to this extent to secure these printers?

View solution in original post

4 REPLIES 4

shadowsports
Legend
Legend

Greetings,

"retail/off the shelf devices.

 

Can you give the community anything else to go on?

~Rick
Bay Area - CA


~R5 C (1.0.7.1) ~RF Trinity, ~RF 100 Macro, ~RF 100~400, ~RF 100~500, ~RF 200-800 +RF 1.4x TC, BG-R10, 430EX III-RT ~DxO PhotoLab Elite ~DaVinci Resolve ~ImageClass MF644Cdw/MF656Cdw ~Pixel 8 ~CarePaks Are Worth It

Anonymous
Not applicable

Canon imagePROGRAF PRO-1000

Have three of these setup in a secure kiosk style access to authenticated users.
However each time these printers get power cycled they power up with WIFI turned on by default, and accept ad-hoc connections from ANY Wifi device within a 250 foot radius. (At this distance the printer ad-hoc network is visble to devices outside of the building.)  This is not acceptable.

The only method of connecting to these printers I will accept is the USB connection to kiosk work station.

 

I have set the wifi and ethernet connections to disabled in the settings menu, but as I said before these setting are overwritten with the factory default values at power up.  

The MANAGEMENT TOOLS provided on the setup CD are not capable of resolving this issue.
Customer support has not been able to provide a solution for this either.

 

How do I stop this behavior?   

Hello Dinglebob,

 

The Direct connection for the printer is not on by default and would need a password to connect. It looks like the direct connection is turned on and the password is disabled. The connection does not sound like it is working normally. You can disable the direct connection using the steps in the link HERE.

 

We would be happy to assist further with the issue. To provide some feedback or some troubleshooting steps, we would need some additional information. If you could reply to this message with the information below, we can provide some assistance.

 

  1. What is the name of the direct connection that appears when the printer comes up?
  2. When connecting, does it ask for a password?
  3. When you went into the direct connection settings using the steps in the link above, did it give you an option to disable the connection?

 

 

Anonymous
Not applicable

I found a work around for this behavior. The printers wanted a wireless connection so I gave them one.  I took an old Linksys WRT54G wifi router and created a decoy wireless network (802.11b) with a hidden SSID and AP isolation enabled.  The router is not connected to anything, no LAN, no WAN, nothing, just the wifi using 1 Mbps 802.11b.  This seems to prevent the printer settings from being over written on power cycle.  Why did I have to got to this extent to secure these printers?

Avatar
Announcements