this post was submitted on 22 Jan 2024
163 points (100.0% liked)

Technology

37747 readers
150 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

His claims are quickly debunked in the article, as the true reason is, obviously, protecting their IP and subscription model

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 22 points 10 months ago* (last edited 10 months ago)

Shivaun Albright, HP's chief technologist of print security, said at the time:

"A researcher found a vulnerability over the serial interface between the cartridge and the printer. Essentially, they found a buffer overflow. That’s where you have got an interface that you may not have tested or validated well enough, and the hacker was able to overflow into memory beyond the bounds of that particular buffer. And that gives them the ability to inject code into the device."

Albright added that the malware “remained on the printer in memory” after the cartridge was removed.

So HP had a vulnerability in their printer's firmware that allowed arbitrary cartridge code to become executable, and they're trying to spin this so it doesn't sound like their printers are at fault. Still sounds like a them problem.