U.S. military employees bought $32.8 million in Lexmark printers, GoPro cameras and Lenovo computers from China in 2018 that have known security risks, according to a report from the Pentagon inspector general.
“Army and Air Force [government purchase card] holders purchased over 8,000 Lexmark printers, totaling more than $30 million for use on Army and Air Force networks,” the Department of Defense Inspector General said in the report.
The Inspector General also noted that Lexmark printers have had 20 or more vulnerabilities in the past, including storing and transmitting sensitive network access credentials in plain text and allowing the use of malicious code on the printer. “Such vulnerabilities could allow remote attackers to use a connected Lexmark printer to conduct cyberespionage or launch a denial of service attack on a DoD network,” the IG said.
An earlier Congressional report on supply chain vulnerabilities had warned that using Lexmark devices could create a supply chain vulnerability, because Lexmark has ties to the Chinese military and that country’s cyberespionage programs.
In reaction, Lexmark said in a statement sent to ZDNet that it “strongly disagreed with the representation of Lexmark” in the DOD audit. The alleged association between Lexmark and the Chinese government is unfounded, Lexmark said.
Worries about vulnerabilities in products purchased by the military have attracted the attention of lawmakers.
A bipartisan Senate bill calls for a national strategy to secure supply chains against China and others. The bill directs the Director of National Intelligence, DOD and other agencies to create a plan to increase supply chain intelligence within 180 days.