HP CEO Enrique Lores said this about counterfeit ink cartridges this morningon CNBC:

They can "create security issues. We have seen that you can embed viruses in the cartridges, through the cartridges go to the printer, from the printer go to the network. So it can create [inaudible]"

I'm not aware of a single instance of this happening, either as a PoC attack by a researcher or a malicious one in the wild. Seems like the CEO is misspeaking. Any help here from people with experience in malware in embedded devices would be much appreciated.

Quote occurs at 3:28

https://youtu.be/QPRMyQSZGuY?si=EU905oCTcW860xJs&t=208

@dangoodin those EEPROMs will contain some magic data that the printer needs to see in order to believe it's a legit ink cartridge. it also tracks the number of printed pages so the cartridge can claim to be empty after a while (they don't detect ink level at all).

I can 99.999% guarantee that even with the most optimal trivial exploit for the printer firmware's parsing of the cartridge data, you cannot weaponise it in any useful way. Why? Because the whole thing is like 32 bytes.

@dangoodin on a combo colour cartridge you might have three or even four separate EEPROM blocks for those colours, so maybe 256 bytes if you're lucky. from which you'd have to trigger the exploit, gain code exec on the printer, and somehow pivot that into malware delivery elsewhere (including storage or download of that malware!)

that is a ludicrously tall order, and would still be strongly predicated on multiple severe firmware bugs in the printer.

@dangoodin you could, I suppose, embed a microcontroller into the cartridge to emulate an EEPROM with much larger storage capacity, but that's a *lot* of manual work, and is nontrivial due to the CoB wire bonding (a wire bonding tool costs ten grand plus!)

literally nobody in the third party ink space is going to do this. nation states doing targeted attacks *might* bother, maybe, but there are usually much cheaper and easier vectors than these wacky theorised ink supply chain attacks.

@dangoodin so yeah, I call bullshit on this guy's claim. he has profit motive and I think he's a liar.

I've seen and done some truly wacky hardware stuff in my life, including hiding data in SPD EEPROMs on memory DIMMs (and replacing them with microcontrollers for similar shenanigans), so believe me when I say that his claim is wildly implausible even in a lab setting, let alone in the wild, and let alone at any scale that impacts businesses or individuals rather than selected political actors.

@dangoodin I should also point out that the EEPROMs they embed in the plastic for DRM purposes are a large part of why almost all printer ink cartridges end up in landfill rather than plastic recycling.

they also know that "eco" models of printers that use refillable liquid ink hoppers rather than cartridges don't allow them to artificially lock consumers into their ecosystem, because you can buy the ink from whoever you like, so it benefits them greatly to spread FUD about third parties.