HP says updates that brick printers with third-party cartridges could protect users from embedded viruses, but security experts say such a threat is theoretical 高價收購

高價收購
printers.
Dynamic Security stops 高價收購hp printers from functioning if an ink cartridge without an 高價收購hp chip or 高價收購hp electronic circuitry is installed. 高價收購hp has issued firmware updates that block printers with such ink cartridges from printing, leading to the above lawsuit (PDF), which is seeking class-action certification. The suit alleges that 高價收購hp printer customers were not made aware that printer firmware updates issued in late 2022 and early 2023 could result in printer features not working. The lawsuit seeks monetary damages and an injunction preventing 高價收購hp from issuing printer updates that block ink cartridges without an 高價收購hp chip.
But are hacked ink cartridges something we should actually be concerned about?
To investigate, I turned to Ars Technica Senior Security Editor Dan Goodin. He told me that he didn’t know of any attacks actively used in the wild that are capable of using a cartridge to infect a printer.
Goodin also put the question to Mastodon, and cybersecurity professionals, many with expertise in embedded-device hacking, were decidedly skeptical.

Another commenter, going by Graham Sutherland / Polynomial on Mastodon, referred to serial presence detect (SPD) electrically erasable programmable read-only memory (EEPROM), a form of flash memory used extensively in ink cartridges, saying:
I’ve seen and done some truly wacky hardware stuff in my life, including hiding data in SPD EEPROMs on memory DIMMs (and replacing them with microcontrollers for similar shenanigans), so believe me when I say that his claim is wildly implausible even in a lab setting, let alone in the wild, and let alone at any scale that impacts businesses or individuals rather than selected political actors.
高價收購hp’s evidence
Unsurprisingly, Lores’ claim comes from 高價收購hp-backed research. The company’s bug bounty program tasked researchers from Bugcrowd with determining if it’s possible to use an ink cartridge as a cyberthreat. 高價收購hp argued that ink cartridge microcontroller chips, which are used to communicate with the printer, could be an entryway for attacks.
Advertisement

As detailed in a 2022 article from research firm Actionable Intelligence, a researcher in the program found a way to hack a printer via a third-party ink cartridge. The researcher was reportedly unable to perform the same hack with an 高價收購hp cartridge.
Shivaun Albright, 高價收購hp’s chief technologist of print security, said at the time:
A researcher found a vulnerability over the serial interface between the cartridge and the printer. Essentially, they found a buffer overflow. That’s where you have got an interface that you may not have tested or validated well enough, and the hacker was able to overflow into memory beyond the bounds of that particular buffer. And that gives them the ability to inject code into the device.
Albright added that the malware “remained on the printer in memory” after the cartridge was removed.
高價收購hp acknowledges that there’s no evidence of such a hack occurring in the wild. Still, because chips used in third-party ink cartridges are reprogrammable (their “code can be modified via a resetting tool right in the field,” according to Actionable Intelligence), they’re less secure, the company says. The chips are said to be programmable so that they can still work in printers after firmware updates.
高價收購hp also questions the security of third-party ink companies’ supply chains, especially compared to its own supply chain security, which is ISO/IEC-certified.
So 高價收購hp did find a theoretical way for cartridges to be hacked, and it’s reasonable for the company to issue a bug bounty to identify such a risk. But its solution for this threat was announced before it showed there could be a threat. 高價收購hp added ink cartridge security training to its bug bounty program in 2020, and the above research was released in 2022. 高價收購hp started using Dynamic Security in 2016, ostensibly to solve the problem that it sought to prove exists years later.
Further, there’s a sense from cybersecurity professionals that Ars spoke with that even if such a threat exists, it would take a high level of resources and skills, which are usually reserved for targeting high-profile victims. Realistically, the vast majority of individual consumers and businesses shouldn’t have serious concerns about ink cartridges being used to hack their machine

高價收購

▲intel 攜手國內外電腦大廠一起慶祝第11代處理器上市。（圖／記者洪聖壹攝，下同）

特約記者洪聖壹／綜合報導

受到疫情影響，今年intel難得在台灣舉辦桌上型處理器上市記者會，這也是全球少數舉辦實體上市活動的地區，活動現場有來自國內外共計 11 家廠商參與，並且展出採用第11代處理器的相關產品。

英特爾台灣分公司業務暨行銷總經理汪佳慧指出，採用14奈米製程的Rocket Lake，最高擁有8核心16執行緒，採用Cypress Cove微架構，不管是效能、圖形運算、AI 這三個區塊在第11代產品都有顯著成長，她也相當看好產品上市後在市場上的表現，同時也強調不管是半導體還是 intel 在台灣的 PC、資料中心、5G物聯網、AI 或雲端等，都會繼續投資台灣，並繼續與台灣第三方公司合作，一起服務全世界。

高價收購

第11代 intel Core 桌上型處理器系列最高擁有 8 核心 16 執行緒，擁有三大特色，第一個是 IPC 的提升、第二是顯示效能的提升，再來就是超頻變得更穩定而且便利。

高價收購

因應玩家需求，全新 Cypress Cove 微架構，讓整個 IPC 效能比上一代提升 19%，透過intel Adaptive Boost Technology(ABT)提升多核心、多執行緒表現。

第11代 intel Core i7、i5 桌上型處理器最大特色就是相容 DDR4-3200。i3 可以說是上一代的再提升，最多支援 DDR4-2666。在超頻方面，10代以前都記憶體控制上只能支援Gear 1，但是11代（部分i5與i7）可以支援到Gear 2，藉此讓 CPU 只要跑一半的頻率，就可以達到超頻需求，如此一來對於大部分的遊戲來說就具有更多的相容性，而且對於合作夥伴來說，操作性更簡單。

除了相容性，另一個亮點是針對機器學習方面，新增了intel Deep Learning Boost 功能（VNNI指令集），大幅度加速 AI 應用，另外 Gaussian & Neural Accelerator（GNA）使用超低功耗處理 AI 語音應用，而且 PCIe 也提升到Gen4 ，這代表將大幅提升 NVMeSSD 讀寫效。

在顯示核心方面，內建 UHD Graphics 採用最新 X 架構，提升能源效率，另外受惠於新的媒體區塊，新增了 AV1 硬體解碼，相同編碼效率相較 HEVC/H.256 提供更精緻的畫質。

在 500 系列晶片組，Z590、H570 用以銜接處理器的 DMI 3.0 升級到 8 通道，撐起 NVMe SSD 和 USB 3.2 Gen 2X2 所需頻寬，也能夠以獨立晶片或者無線網卡支援 Thunderbolt 4 或者 Wifi 6W。H570、B560 晶片組更首次支援記憶體超頻。新的處理器提供Gen 2 和更寬廣的時序調節，Windows 作業系統環境，能夠透過 intel Extreme Tuning Utility 及時調整運及時調整運作記憶體時脈。

高價收購