Skip Navigation

HP CEO: Blocking third-party ink from printers fights viruses

His claims are quickly debunked in the article, as the true reason is, obviously, protecting their IP and subscription model

42 comments
  • Unsurprisingly, Lores' claim comes from HP-backed research. The company's bug bounty program tasked researchers from Bugcrowd with determining if it's possible to use an ink cartridge as a cyberthreat. HP argued that ink cartridge microcontroller chips, which are used to communicate with the printer, could be an entryway for attacks.

    As detailed in a 2022 article from research firm Actionable Intelligence, a researcher in the program found a way to hack a printer via a third-party ink cartridge. The researcher was reportedly unable to perform the same hack with an HP cartridge.

    Shivaun Albright, HP's chief technologist of print security, said at the time:

    "A researcher found a vulnerability over the serial interface between the cartridge and the printer. Essentially, they found a buffer overflow. That’s where you have got an interface that you may not have tested or validated well enough, and the hacker was able to overflow into memory beyond the bounds of that particular buffer. And that gives them the ability to inject code into the device."

    This is a remarkable amount of effort and money to spend trying to demonstrate the "truth" of something which everyone involved was surely aware was bullshit from start to finish. I'm honestly at a loss to figure out what was the point, unless the point was "help me help I have too much money what am I gonna do with all this money."

    (I looked it up, and the bug bounty program awarded "up to" $10,000. So maybe they just made the guy sign an NDA then gave him $100 and said thanks for helping us with our lying sucker, now get lost.)

  • This has real "Home Taping is Killing Music" vibes.


    But god damn do these corporate vultures really think that we owe them something.

    No, this is a financial transaction. I am buying a product from you, and once I have paid you, I owe you nothing more. Endless attempts to make your business model endlessly extractive from your customer base just shows you have shitty business management skills and don't know how to grow your business outside of nickel-and-diming people to death.

  • 🤖 I'm a bot that provides automatic summaries for articles: ::: spoiler Click here to see the summary Last Thursday, HP CEO Enrique Lores addressed the company's controversial practice of bricking printers when users load them with third-party ink.

    That frightening scenario could help explain why HP, which was hit this month with another lawsuit over its Dynamic Security system, insists on deploying it to printers.

    HP has issued firmware updates that block printers with such ink cartridges from printing, leading to the above lawsuit (PDF), which is seeking class-action certification.

    Still, because chips used in third-party ink cartridges are reprogrammable (their “code can be modified via a resetting tool right in the field,” according to Actionable Intelligence), they’re less secure, the company says.

    Further, there's a sense from cybersecurity professionals that Ars spoke with that even if such a threat exists, it would take a high level of resources and skills, which are usually reserved for targeting high-profile victims.

    Realistically, the vast majority of individual consumers and businesses shouldn't have serious concerns about ink cartridges being used to hack their machines.


    Saved 79% of original text. :::

42 comments