This is HP giving itself a black eye and intentionally trying to pass it off as trendy new make-up.
If it's possible to infect a network via an ink cartridge, that is not the fault of the cartridge, but of HP's *profoundly* shitty firmware, if that firmware reads data from the cartridge and treads that data as if it were trusted. The whole *point* of talking to the cartridge is to interrogate it and confirm that it is genuine. By its very nature, this problem requires the printer to communicate with an untrusted device (the cartridge) and validate its response. If you cannot do this without hitting some sort of buffer overflow or code execution vulnerability, then you have failed. Miserably. Completely.
Even *if* this demo somehow convinces to intentionally only buy what you believe is "genuine HP" crap, this demo *still* show how vulnerable HP's printers are to a supply chain attack. And we know those are not uncommon.
If I cared about printing, I would pick up one of these printers and see if it's possible to root the firmware using a carefully-crafted cartridge payload, then patch the firmware to skip the auth checks once and for all.
Fun fact, a week ago I was trying to get my mother's Epson to accept aftermarket ink, which resulted in discovering Linux and Busybox in the printer's firmware (GPL request sent, awaiting reply). But that's just the "connectivity" portion of the printer (wifi and such); the actual printing / cartridge / UI junk probably runs in a separate execution domain. This article is starting to give me ideas.