Cutting-edge security features go beyond the printer to encompass the cartridge itself
By George Brasher, SVP & Managing Director, HP UK & Ireland
In our increasingly connected world, any network device can become an avenue of attack for hackers. And if we’re going to enjoy the many benefits and conveniences of the Internet of Things, we must commit to securing every “thing” we connect. Servers and client PCs top the list, but network printers may also be vulnerable to attack. Why? Because they’re less likely to be thought of as needing protection.
Over thepast few years, we have seen a rise in attacks on embedded system technologies, which are often shared across connected devices. The risk includes PC firmware/BIOS as well as printer firmware. Cyberattacks are rapidly increasing in sophistication, and because of this,HP is hyper-focused on printer security, especially in the office environment, and on improving our security strategies to protect resellers and customers.
Of course, wherever there are printers, there are printer cartridges. As with all other components of your office infrastructure, you want to know and trust what cartridges go into your printer. Counterfeit or imitation cartridges come with many risks. Counterfeiters make and market fake printing supplies intended to deceive customers. These illegal cartridges masquerading as HP Originals cost the industry billions of dollars each year, undermine trust in the market and may fund other kinds of criminal activity.
To minimise that risk, HP’s office printing security features go beyond the print hardware and extend to the cartridge itself. We’ve made significant investments in ink and toner cartridge research and development to help protect customers. Indeed, our office-class Original HP printer cartridgestake security into account throughout the design, supply chain and production process to help keep the printers running efficiently[i].
Security from Every Angle
We truly believe office printing system security must be built in — not bolted on. It can’t be something you do after the fact. That’s a recipe for failure.
While the industry has become sophisticated at spotting and blocking software-based intrusions, the same can’t be said for hardware. In fact, it is well understood in the IT industry that counterfeit hardware can become the source of hardware-based exploitation.[ii]
HP Supply Chain Security
HP is vigilant about recognising and mitigating security risks in the supply chain to help reduce the risk of malicious code entering the office cartridge chip.
We carefully manage internal supply chains, working with partners who follow industry best practices on security as well as partnering with security experts. HP office printer cartridge chips are manufactured in secure facilities and are manufactured in facilities where products have achieved EAL5+ certification.
HP was one of the first tech companies to include holographic security labels— complete with verifiable QR codes — on cartridges, which has helped to crack down on fakes. Made with advanced printing techniques, the labels function much like the security marks found on currency.
Digital tracking through the supply chain for many office cartridges provides end-to-end supply chain validation for resellers and end users. These Original HP cartridges can be tracked from the factory to printer and checked throughout that journey.
HP Office Cartridge Chip Security
Only Original HP cartridges contain a chip with HP proprietary firmware that is designed to be secure and resistant to tampering. Non-HP supplies include chips of unknown origin that may employ untrusted firmware. Given that there is a data interface from the chip to the printer, an attacker with the right skills and resources may be able to uncover and exploit a vulnerability, taking advantage of this interface to inject malicious code.
Cartridge chips help protect your printer with secure smart card technologythat is commonly found on chip-based credit and debit cards. All Original HP office printer cartridges introduced since 2015 use smart card technology for maximum data integrity and resistance to tampering and hacking. Non-HP chips may use general purpose microprocessors, which could introduce risks.
HP Enterprise Printer Hardware Security
HP recognized the potential threat vector for enterprise printer hardware years ago. We now offer Runtime Intrusion Detection solutions that flag anomalies insystem memory. Our enterprise-class printers also offer Sure Start technology, which automatically detects, stops and recovers from a BIOS attack or corruption without IT intervention, thus self-healing from the attack.
Resellers and Security Strategies
While end-users certainly benefit from this kind of multi-layered printer cartridge security, our partners and resellers need the protection as well. No savvy reseller wants to deal in cartridges that may contain a chip of unknown origin that could have untrusted firmware containing malicious code.
HP is informing partners and resellers about all of our office printer and cartridge security features, including tamper-resistant packaging, security labels, zip-strip sealed inner packaging, tamper-evident labels and trackable ID codes. Resellers (and end users) can report a suspected counterfeit onlineor – for larger volumes of inventory – request an on-site anti-counterfeit Customer Delivery Inspection.
As we navigate an increasingly complex world of cyberthreats together, it’s paramount that we utilise every possible resource to deliver trusted and resilient security for office printers. Technology companies must factor security into everything they build from hardware to firmware to software. The channel must remain ever vigilant to the differences between vendors who are well-versed and serious about security and those who are not.
Learn more at hp.com/go/suppliesthatprotect.
Non-HP printer cartridges may cause printer damage: North America results. 2019 NA Market Strategies International study commissioned by HP. Results based on 222 surveys from HP ServiceOne Partners who have at least 6 months of experience servicing HP monochrome and Color LaserJet printers with HP and non-HP toner cartridges installed and have done so within the previous 12 months of the study. See marketstrategies.com/hp/NA-Technician2019.pdf.
HP Office Print Cartridge Security: HP Office-class printing systems include Enterprise-class devices with FutureSmart firmware 4.5 or above, Pro-class devices, and their respective Original HP toner, PageWide, and ink cartridges. Does not include HP integrated printhead ink cartridges. See:
https://h20195.www2.hp.com/v2/GetDocument.aspx?docname=4AA6-8438ENWand www.hp.com/go/SuppliesSecurityClaims. Digital supply-chain tracking and packaging security features vary locally by SKU.
“A survey of emerging threats in cybersecurity” published in Journal of Computer and System Sciences, Volume 80, Issue 5, August 2014, Pages 973-993. CSIRO ICT Centre, Australia. https://doi.org/10.1016/j.jcss.2014.02.005