
Canon Security

On this page you will find important information regarding Canon security.

Latest News

Fax Vulnerability

Recently, researchers reported on vulnerabilities found in the communication protocols in the fax functions of certain products (CVE-ID: CVE-2018-5924, CVE-2018-5925). For information regarding the impact of these vulnerabilities on Canon products equipped with fax functions, please see below:

Based on our review, the following products are unaffected because they do not employ the Colour G3 Fax Protocol exploited by these vulnerabilities: imageRUNNER/iR, imageRUNNER ADVANCE, LASER CLASS, imagePRESS, FAXPHONE, GP and imageCLASS/i-SENSYS series models equipped with fax functions.

MAXIFY and PIXMA series products equipped with fax functions do make use of the Colour G3 Fax Protocol. However, we have not identified any risk of malicious code being executed via the fax circuit or risk to the security of information saved on these devices.

We will continue to monitor this situation and take appropriate action necessary to help ensure the security of our devices.


Spectre and Meltdown CPU Security Vulnerabilities

Vulnerabilities were recently made public regarding certain CPUs from Intel, AMD and ARM that make use of speculative execution to improve their performance. These vulnerabilities may allow an attacker to gain unauthorised access to areas of private cached memory.

Two variants of the vulnerabilities that use different techniques to exploit the speculative execution functions within the affected CPUs were identified and named. They are CVE-2017-5715, CVE-2017-5753: “Spectre” and CVE-2017-5754: “Meltdown”.

The following Canon external controller products may be impacted by the vulnerabilities. Though there is currently no known way to exploit these vulnerabilities, countermeasures are being prepared so that customers can continue to use our products without concern.

ColorPASS:
GX300 v2.0, GX300 v2.1, GX400 v1.0, GX500 v1.1

imagePASS:
U1 v1.1, U1 v1.1.1, U2 v1.0
Y1 v1.0, Y2 v1.0

imagePRESS-CR Server:
A7000 v2.1, A7000 v3.0, A7300 v1.0, A7500 v2.1, A8000 v1.1

imagePRESS Server:
A1200 v1.0, A1200 v1.1, A1300 v1.0, A2200 v1.0, A2200 v1.1, A2300 v1.0, A3200 v1.0, A3200 v1.1, A3300 v1.0
B4000 v1.0, B4100 v1.0, B5000 v1.0, B5100 v1.0
F200 v1.21, H300 v1.0
J100 v1.21, J200 v1.21
K100 v1.0, K200 v1.0
Q2 v2.0, Z1 v1.0


The following Canon service may be impacted by the vulnerabilities. Though there is currently no known way to exploit these vulnerabilities, countermeasures were put in place by end of February 2018.

MDS Cloud

All Canon laser multifunction printers and Canon laser printers and their related software products, except the above-mentioned, are not affected by these vulnerabilities through any known exploitation process. Customers can continue using our products reliably.

Canon is constantly working to ensure the highest level of security is reached in all our products and solutions. We take the security of our customer information seriously and its protection is our utmost priority.


Vulnerability in WPA2 Wi-Fi Encryption Protocol

Recently, a researcher made public a vulnerability known as KRACKs in the standard wireless LAN (Wi-Fi) encryption protocol WPA2. This vulnerability allows an attacker to intentionally intercept the wireless transmission between the client (terminal equipped with Wi-Fi functionality) and the access point (the router etc.) to perform potentially malicious activity. For that reason, this vulnerability cannot be exploited by anyone outside the range of the Wi-Fi signal or by anyone in a remote location using the internet as an intermediary.


We have yet to confirm that any issues have been encountered by users of Canon products as a result of this vulnerability. However, in order to allow customers to continue using our products with peace of mind, we recommend the following preventative measures:
  • Use a USB cable or Ethernet cable to directly connect compatible devices to a network
  • Encrypt data transmission from devices that enable encryption settings (TLS/IPSec)
  • Use such physical media as SD cards with compatible devices
  • Use such settings as Wireless Direct and Direct Connect with compatible devices


As the operation procedures and functions offered vary from device to device, please consult your device’s manual for more details. We also recommend you take appropriate measures for such devices as your PC or smartphone. For information on the appropriate measures for each device, please contact the device’s manufacturer.



Product Security

With the popularisation of the Internet and wireless LAN technology, a diverse range of electronic devices are now capable of connecting to a network, enabling the remote operation of various functions.

By connecting to a network, information devices can become vulnerable to unauthorised third-party access, which could lead to such security issues as unauthorised usage of the device.

To minimise the likelihood of such issues, devices must make use of proper settings and be used in a secure environment.

To help ensure that our customers can use Canon products with peace of mind, we recommend that users implement the following security measures:

1. Create an administrator ID and password

In order to strengthen the security of your Canon product, please create an administrator ID and password. Administrators can limit access to a multifunction printer and control which functions are made available to individual users. This helps to prevent unauthorised access to the device and protects data held in the machine’s configuration.

2. Use a private IP address

When setting up your printer, assign a private (internal) IP address. This gives you more control over access to the device than assigning a public (external) IP address, which may permit unauthorised access over the internet to the device and its functions.

3. Configure a firewall (using a router etc.)

When installing your Canon product on an internal/home network, check your router/firewall setup to ensure that the device is not visible from the internet (unless this is your intention). If this is a physical connection, check that the cable is plugged into an internal port. If this is on a corporate network, you may need to contact your network administrator for guidance.

4. Encrypt communications

If your Canon device is capable of supporting encryption, we recommend that this is enabled to ensure communication between your device and the printer remains secure. This would mean that you are communicating with the device using HTTPS or equivalent.


Security measures for specific Canon products

We are aware of news articles regarding research from University Alliance Ruhr concerning potential vulnerability for networked printers via the PostScript programming language used widely across our industry. No Canon devices were tested in the research.

Canon works constantly to ensure the highest level of security in all of our products and solutions, including networked printers. We take the security of our customers’ information seriously and its protection is our utmost priority. Our MFD Hardening Guide explains and advises on the best configuration settings for secure implementation.

Information regarding security measures for specific Canon products and their set-up procedures is outlined below. Please note, the information is only available in English.



Certification

ISO 27001 Information Security

Canon places the highest focus on Information Security, safeguarding the confidentiality, integrity and availability of written, spoken and electronic information, to ensure the following at all times:

  • Confidentiality - ensuring that information is accessible only to those authorised to have access
  • Integrity - safeguarding the accuracy and completeness of information and processing methods
  • Availability - ensuring that authorised users have access to information when needed

ISO 27001 certification demonstrates that Canon Europe has systems in place to protect corporate information and data, whether this is online or offline. By holding ISO 27001, Canon Europe can confirm that its security processes from development to delivery have been externally assessed and certified by a third party to an internationally recognised standard.

Canon Europe has received ISO 27001 certification for its information security management system, reassuring customers that we adhere to world class standards. It covers all aspects of information security from risk and audit management to product security and incident management.


Our Information Security Management System (ISMS) covers the following areas:

  • security policy
  • organisation of information security
  • asset management
  • human resources security
  • physical and environmental security
  • communications and operations management
  • access control
  • information systems acquisition, development and maintenance
  • information security incident management
  • business continuity management
  • regulatory compliance



Report a security issue

If you are aware of a security issue relating to a Canon product, system or service, we would like to hear from you.

How to contact us

If you believe you have discovered a security issue with a Canon product or have a security incident to report, please email product-security@canon-europe.com. Please include a detailed summary of the security issue, the exact name of the product, software version and the nature of the issue. Please also include an email address and telephone number so we can contact you if we require more information.

Non-security support enquiries

Please note that this email address is only for reporting security issues and not for general support issues. Please visit our Support pages for help with any other issue.

We take security issues seriously and will respond swiftly to fix verifiable issues; however, some of our products are complex and take time to update. When properly notified of legitimate issues, we will do our best to acknowledge your email, investigate the issue and fix it as quickly as possible.



Fraudulent Store Warning

It has come to our attention that there are several websites claiming to offer significantly discounted Canon products at 90% off or more. These websites are designed to look like our official Canon Store and we believe they are not legitimate, aimed only at confusing and deceiving our customers into sharing personal and financial data. We advise our customers to be vigilant when shopping online with Canon and other retailers.


To recognise the official Canon online store, all Canon stores across Europe have a similar domain name: https://store.canon.xx
The final characters change for each country. For example: https://store.canon.fr and https://store.canon.co.uk.
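
The check described above can be applied to the parsed hostname rather than to the raw URL text, which is where lookalike addresses usually slip through. The following is an added example, not Canon's code: the function name, the result labels and the assumed shape of the country ending (two letters, optionally preceded by "co.") are assumptions, and only the two store hosts quoted on this page are treated as confirmed.

```python
import re
from urllib.parse import urlsplit

# Only the two hosts quoted on this page; extend from a trusted source.
KNOWN_STORE_HOSTS = {"store.canon.fr", "store.canon.co.uk"}

# Assumed shape of "store.canon.xx": a two-letter country ending,
# optionally preceded by "co." as in the co.uk example.
STORE_SHAPE = re.compile(r"store\.canon\.(?:co\.)?[a-z]{2}")


def classify_store_url(url: str) -> str:
    """Return 'listed', 'pattern-only' or 'suspicious' for a store link."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "suspicious"
    # The page gives the store address with https only.
    if parts.scheme != "https" or not host:
        return "suspicious"
    # "https://store.canon.fr@other.example/" really points at other.example.
    if parts.username is not None or parts.password is not None:
        return "suspicious"
    # Non-ASCII or punycode labels can imitate Latin letters.
    if not host.isascii() or "xn--" in host:
        return "suspicious"
    if host in KNOWN_STORE_HOSTS:
        return "listed"
    # Whole-host match: extra labels or hyphenated variants fail.
    if STORE_SHAPE.fullmatch(host):
        return "pattern-only"  # right shape, but not confirmed by this page
    return "suspicious"


if __name__ == "__main__":
    # Constructed sample links, for illustration only.
    for link in ("https://store.canon.co.uk/basket",
                 "https://store.canon.fr.shop.example/",
                 "https://store.canon.fr@shop.example/"):
        print(link, "->", classify_store_url(link))
```

A "pattern-only" result means the address has the expected form but should still be confirmed against a link from the official Canon site before any personal or payment data is entered.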
