HP is pushing over-the-air firmware updates to its printers, bricking them if they are using third-party ink cartridges. But don’t worry, it’s not a money-grab, says the company – it’s just trying to protect you from the well-known risk of viruses embedded in ink cartridges …
HP has long been known for sketchy practices in its attempt to turn ink purchases into a subscription service. If you cancel a subscription, for example, the company will immediately stop the printer using the ink you’ve already paid for.
CEO Enrique Lores somehow managed to keep a straight face while explaining to CNBC that the company was only trying to protect users from viruses which might be embedded into aftermarket ink cartridges.
It can create issues [where] the printers stop working because the inks have not been designed to be used in our printers, to then create security issues. We have seen that you can embed viruses in the cartridges, and through the cartridge, go to the printer; from the printer, go to the network.
ArsTechnica asked several security experts whether this could happen, and they said this is so out-there, it would have to be a nation-state attack on a specific individual.
“Purely from a threat-modeling perspective, I’m skeptical – unless it’s a nation-state doing a tailored attack.”
“As someone who works for a different inkjet print company – I’d say it’s pretty terrible engine design if you could maliciously craft a cartridge to contain a virus. The amount of information which needs to be stored on the cartridge is fairly small. If the data is not in the format you expect – reject it as invalid. [HP is known to be quite good at this!]”
“I’ve seen and done some truly wacky hardware stuff in my life, including hiding data in SPD EEPROMs on memory DIMMs (and replacing them with microcontrollers for similar shenanigans), so believe me when I say that his claim is wildly implausible even in a lab setting, let alone in the wild, and let alone at any scale that impacts businesses or individuals rather than selected political actors.”
HP is facing a class action lawsuit for deploying the bricking code without informing printer buyers of its intention to do so.
This is a class action brought against HP, Inc., for requiring consumers who had purchased certain brands of printers to use only HP-branded replacement ink cartridges, rather than purchasing ink replacements from its competitors.
HP accomplished this through firmware updates it distributed electronically to all registered owners of the printers […] which effectively disabled the printer if the user installed a replacement ink cartridge that was not HP-branded. In the same time period, HP raised prices on the HP-branded replacement ink cartridges. In effect, HP used the software update to create a monopoly in the aftermarket for replacement cartridges, permitting it to raise prices without fear of being undercut by competitors.
Photo by IT services EU
FTC: We use income earning auto affiliate links. More.
Comments