In a recent interview with CNBC Television, HP CEO Enrique Lores addressed the controversy surrounding the company's practice of bricking printers when users install third-party ink cartridges. Lores stated that the reason behind this drastic measure is to protect users from potential cyber threats, specifically viruses that can be embedded in these cartridges.

The announcement comes amidst a lawsuit against HP over its Dynamic Security system and the company's insistence on implementing it in their printers. HP claims that the system is necessary to safeguard against potential hacking attempts through ink cartridges, a scenario that Lores described as the virus infiltrating the printer and ultimately spreading to the network.

However, experts remain skeptical of HP's claims. Ars Technica senior security editor Dan Goodin stated that he was not aware of any real-world attacks that utilize ink cartridges to infect printers. The CEO's assertions are supported by HP-backed research conducted by Bugcrowd, where researchers investigated whether ink cartridges could serve as a cyber threat. This research suggested that the microcontroller chips used in third-party ink cartridges could be exploited as entry points for attacks.

Actionable Intelligence, a research firm, published an article in 2022 detailing a vulnerability discovered by one of the Bugcrowd researchers. This researcher successfully hacked a printer using a third-party ink cartridge, but was unsuccessful when attempting the same hack with an HP cartridge. The exploit involved a buffer overflow, allowing the injection of code into the device. Notably, HP admits that there have been no documented instances of such a hack occurring in the wild.

HP justifies its concern over third-party ink cartridges by emphasizing that the reprogrammability of the chips used in these cartridges makes them less secure compared to their own ISO/IEC-certified supply chain. The company also questions the security of third-party ink companies' supply chains.

HP implemented their Dynamic Security system in 2016, claiming it was designed to address the potential threat that they are now seeking to prove exists. Ink cartridge security training was subsequently added to the company's bug bounty program in 2020.

While HP has identified a theoretical possibility for ink cartridges to be exploited by hackers, experts stress the lack of real-world evidence supporting these concerns. As the debate continues, it is evident that the issue of third-party ink cartridges and cybersecurity remains a contentious topic for HP and its customers.

Disclaimer: The information in this news article is based on HP CEO Enrique Lores' statements and available research. The claims made by HP have not been independently verified by experts mentioned.