The company releases micro-updates that block the use of third-party cartridges on its printers, which usually cost significantly less than the originals.
"We have seen that viruses can be embedded in cartridges. Because of the cartridge, a virus can get onto the printer, and then from the printer onto the network," HP CEO Enrique Lores said in an interview with CNBC Television.
It seems the company views this scenario as one of the explanations for why it is blocking printers that use cartridges from third-party manufacturers. The company's practice, known as Dynamic Security, has already led to legal claims - customers complain that they were not informed that the update could render the printer unusable. The lawsuit also demands compensation for financial damages and a ban on releasing similar security updates for HP.
Should you worry about potential hacking of ink cartridges?
Ars Technica senior security editor Dan Goodin claims he has not heard of any such attacks, and cyber security experts in his Mastodon thread have said the same.
Interestingly, Lores' statement comes from research funded by... HP itself. As part of the Bug Bounty program, the company tasked researchers with determining whether microcontroller chips in ink cartridges, used to communicate with the printer, could serve as an entry point for attacks.
As described in an article by Actionable Intelligence for the year 2022, a researcher found a way to hack a printer using a third-party cartridge, but could not perform the same hack with an HP cartridge. Shivaun Albright, HP's chief printing security technologist, said that malware "remained on the printer in memory" after the cartridge was removed.
At the same time, HP acknowledges that there is no evidence that such hacking has ever occurred. But because chips used in third-party ink cartridges can be reprogrammed, they are less secure, the company says. HP also questions the security of supply chains of third-party ink companies, especially compared to the security of its own supply chain certified ISO/IEC.
Additionally, cyber security experts who spoke to Ars Technica journalists believe that even if such a threat exists, it would require a high level of resources and skills, usually reserved for targeting high-profile victims. In other words, the majority of simple consumers and companies should not seriously worry that ink cartridges are being used to hack their computers.
When HP first announced Dynamic Security in 2016, it claimed that the feature would provide the "best consumer experience" and protect customers from cartridges that "violate our IP". Eight years and several unexpected micro-updates later, the former seems to have taken a back seat.
Subscription Printing
Cartridges are an important business for HP, which is also facing declining printing needs in an increasingly digital world. In its 2023 revenue report, the company stated that its graphic business accounted for 32% of net income and 57% of operating profit totaling $1.5 billion. The operating profitability of HP's printing division increased from 14% in the 2016 financial year to 18.9% in the 2023 financial year.
"Our long-term goal — to launch subscription printing. This is really what we aimed for," said Lores on CNBC Television.
For many years, HP has focused on promoting its monthly ink subscription program Instant Ink. In December, HP's CFO Marie Myers noted that such subscription models can bring a "20% increase in customer value". In its latest financial report, HP named Instant Ink as one of its "key areas of growth".
Comments (0)
There are no comments for now