HP says updates that brick printers with third-party cartridges could protect users from embedded viruses, but security experts say such a threat is theoretical 台中收購筆電

台中收購筆電
printers.
Dynamic Security stops 台中收購筆電hp printers from functioning if an ink cartridge without an 台中收購筆電hp chip or 台中收購筆電hp electronic circuitry is installed. 台中收購筆電hp has issued firmware updates that block printers with such ink cartridges from printing, leading to the above lawsuit (PDF), which is seeking class-action certification. The suit alleges that 台中收購筆電hp printer customers were not made aware that printer firmware updates issued in late 2022 and early 2023 could result in printer features not working. The lawsuit seeks monetary damages and an injunction preventing 台中收購筆電hp from issuing printer updates that block ink cartridges without an 台中收購筆電hp chip.
But are hacked ink cartridges something we should actually be concerned about?
To investigate, I turned to Ars Technica Senior Security Editor Dan Goodin. He told me that he didn’t know of any attacks actively used in the wild that are capable of using a cartridge to infect a printer.
Goodin also put the question to Mastodon, and cybersecurity professionals, many with expertise in embedded-device hacking, were decidedly skeptical.

Another commenter, going by Graham Sutherland / Polynomial on Mastodon, referred to serial presence detect (SPD) electrically erasable programmable read-only memory (EEPROM), a form of flash memory used extensively in ink cartridges, saying:
I’ve seen and done some truly wacky hardware stuff in my life, including hiding data in SPD EEPROMs on memory DIMMs (and replacing them with microcontrollers for similar shenanigans), so believe me when I say that his claim is wildly implausible even in a lab setting, let alone in the wild, and let alone at any scale that impacts businesses or individuals rather than selected political actors.
台中收購筆電hp’s evidence
Unsurprisingly, Lores’ claim comes from 台中收購筆電hp-backed research. The company’s bug bounty program tasked researchers from Bugcrowd with determining if it’s possible to use an ink cartridge as a cyberthreat. 台中收購筆電hp argued that ink cartridge microcontroller chips, which are used to communicate with the printer, could be an entryway for attacks.
Advertisement

As detailed in a 2022 article from research firm Actionable Intelligence, a researcher in the program found a way to hack a printer via a third-party ink cartridge. The researcher was reportedly unable to perform the same hack with an 台中收購筆電hp cartridge.
Shivaun Albright, 台中收購筆電hp’s chief technologist of print security, said at the time:
A researcher found a vulnerability over the serial interface between the cartridge and the printer. Essentially, they found a buffer overflow. That’s where you have got an interface that you may not have tested or validated well enough, and the hacker was able to overflow into memory beyond the bounds of that particular buffer. And that gives them the ability to inject code into the device.
Albright added that the malware “remained on the printer in memory” after the cartridge was removed.
台中收購筆電hp acknowledges that there’s no evidence of such a hack occurring in the wild. Still, because chips used in third-party ink cartridges are reprogrammable (their “code can be modified via a resetting tool right in the field,” according to Actionable Intelligence), they’re less secure, the company says. The chips are said to be programmable so that they can still work in printers after firmware updates.
台中收購筆電hp also questions the security of third-party ink companies’ supply chains, especially compared to its own supply chain security, which is ISO/IEC-certified.
So 台中收購筆電hp did find a theoretical way for cartridges to be hacked, and it’s reasonable for the company to issue a bug bounty to identify such a risk. But its solution for this threat was announced before it showed there could be a threat. 台中收購筆電hp added ink cartridge security training to its bug bounty program in 2020, and the above research was released in 2022. 台中收購筆電hp started using Dynamic Security in 2016, ostensibly to solve the problem that it sought to prove exists years later.
Further, there’s a sense from cybersecurity professionals that Ars spoke with that even if such a threat exists, it would take a high level of resources and skills, which are usually reserved for targeting high-profile victims. Realistically, the vast majority of individual consumers and businesses shouldn’t have serious concerns about ink cartridges being used to hack their machine

▲蘋果筆電維持在出貨第4名的地位。（圖／達志newscom）

記者謝仁傑／綜合報導

蘋果於上周推出了首款搭載自家設計 M1 晶片的 MacBook 系列，據稱各項效能皆領先全球筆電。據《Strategy Analytics》的最新報告顯示，蘋果（Apple）在 2020 Q3 繼續保持全球第 4 大筆電供應商的地位，一共出貨 600 萬台。

蘋果 Q3 筆電銷量較去年增加了 170 萬台，成長了 39％，整個筆電產業出貨量則平均成長了 34％。惠普（台中收購筆電hp）今年以些微的優勢首度超越聯想（Lenovo），重返筆電市場的領導地位，戴爾（Dell）則繼續保持第 3 名的地位，接著就是蘋果和台灣品牌宏碁（Acer）了。

▲2020 Q3各大筆電廠牌銷量與成長統計。（圖／取自《Strategy Analytics》）

今年因為疫情的關係，而讓筆電有創紀錄的需求，反之供應卻也受到限制。Strategy Analytics 高級研究分析師指出，若某些供應商能提供更多設備來滿足高需求，那麼第三季的產值將會更高，消費者可能在假期季節前購買產品，為在家工作和學習的新常態做準備，因此需求預估仍維持在高檔，供應依然會是最大的問題。

報導指出，蘋果一直在爭奪高於預期的需求，以致於面臨一系列供應短缺，使客戶訂單的等待時間拉長。隨著 2020 進入最後一個季度，供應商能否滿足不斷成長的需求，將成為各廠牌本年度成長幅度的關鍵因素。

＃ 對面的女孩看過來～～

台中收購筆電 台中收購筆電