HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk


The company now claims that allowing third-party ink cartridges in its printers would expose them to viruses and malware.

Hewlett-Packard (HP) claims to have laptops that effectively block unwelcome snoopers, but why does the company maintain a monopoly over its ink cartridges? Well, HP is reaffirming its monopoly on refillable ink cartridges for printers following a lawsuit for blocking third-party ink with Dynamic Security updates.

The company claims that third-party cartridges can infect users’ PCs with viruses or malware, which can then reach the printer and network. In an interview with CNBC, HP CEO Enrique Lores defended HP’s practice of bricking printers when loaded with third-party ink, based on the company’s 2022 research.  It suggests ink cartridge microcontroller chips could be a cyber threat.

The company tasked Bugcrowd researchers to determine it under its bug bounty program in 2022 and learned that HP’s cartridges, which typically use a secure chip for communication with printers, could contain malicious software if sold by third parties.

HP’s chief technologist of print security, Shivaun Albright, stated back then that the hacker could inject code into the device beyond the bounds of the buffer. HP acknowledges that there is no evidence of in-the-wild exploitation of this hack, but given that the chips used in third-party ink cartridges are reprogrammable, they are indeed vulnerable.

However, Ars Technica Senior Security Editor Dan Goodin believes there are no known attacks that can infect printers using hacked ink cartridges. Goodin raised concerns about the potential use of ink cartridges as a cyber threat, but cybersecurity professionals were sceptical.

Hackread.com’s Founder and Editor, Waqas, dismisses the argument that third-party cartridges can compromise a printer with malware as weak and unconvincing. He draws a comparison, stating, “This reminds me of Kellyanne Elizabeth Conway, the Counselor to then-President Donald Trump, who quite convincingly claimed in an interview that she believes microwaves can be hacked and turned into cameras for spying purposes.”

However, Lores’ comments raise concerns about security vulnerabilities as he presented a scenario where a compromised ink cartridge could launch malware onto a connected network. HP claims its chips are secure, implying that its authentication mechanisms are reliable. Still, fearing infection from third-party cartridges may prevent some customers from purchasing ink from HP, despite HP’s claims of chip authenticity.

For your information, HP has been hit with a lawsuit over its Dynamic Security system (PDF), which stops printer operation if an ink cartridge without an HP chip or HP electronic circuitry is installed.

The lawsuit (PDF) seeks class-action certification, alleging that HP customers were not informed that firmware updates issued in late 2022 and early 2023 could result in printer features not working.

The lawsuit seeks monetary damages and an injunction to deter HP from issuing printer updates, which block ink cartridges without an HP chip as compromised ink cartridges can allow malware to invade the connected network.

Printer manufacturers like HP have faced criticism for security flaws, potentially allowing hackers to access sensitive data or control printing functions. Lores emphasized the need for stronger security measures in the printer industry.

“I think for us it is important for us to protect our IP. There is a lot of IP that we’ve built in the inks of the printers, in the printers themselves. And what we are doing is when we identify cartridges that are violating our IP, we stop the printers from work” Lores stated in an interview with CNBC.

  1. HP Printer’s Hard Drive Can Be Used To Host Malicious Files
  2. Keylogger spotted – HP machines could turn into a spyware
  3. Lenovo removes backdoor in networking switches since 2004
  4. Hacker takes over thousands of Printers; sends alerts to users
  5. Researcher finds pre-installed keylogger in hundreds of HP laptops





Source link