Last week, HP CEO Enrique Lores addressed the company's controversial practice Disable printers when users fill them with third-party ink.
He mentioned in an interview“We have seen that viruses can be embedded in cartridges.” “Through the cartridge (the virus) can get to the printer and (and then) from the printer into the network.”
This implausible explanation is intended to justify why HP, which this month faced another lawsuit over its dynamic security system, insists on implementing it in its printers.
The evidence presented by HP comes, unsurprisingly, from company-sponsored research. HP's bug bounty program tasked Bugcrowd researchers with determining whether an ink cartridge could be used as a cyber threat.
HP argued this A gateway for attacks could be the microcontrollers in the cartridges that communicate with the printer.
A researcher of the program has found a way to hack a printer via a third-party ink cartridge. The researcher was reportedly unable to perform the same hack using an HP cartridge.
HP admits that there is no evidence that such a hack took place in practice. However, because the chips used in third-party ink cartridges are reprogrammable, the company says they are less secure.
HP also questions the security of third-party supply chains, especially when compared to the security of its own supply chain, which is ISO/IEC certified.