[German]It's crazy or "what the fuck" (WTF) what printer manufacturer HP is sucking out of its fingers again. The company has attracted a lot of negative attention because it blocks third-party ink cartridges through firmware updates, even retrospectively. There have been judgments against HP that have awarded compensation to blocked users. Now the HP boss has come up with a new, adventurous justification for blocking third-party ink cartridges. This is the only way to protect buyers of HP devices from "viruses" that are "lurking around" in ink cartridges with third-party chips to infect the poor HP printers.
A long story
I have regularly reported here on the blog about how the manufacturer Hewlett Packard modifies its inkjet printers via firmware so that third-party ink cartridges can no longer be used (see article links at the end of the post).
Many users are victims of this trap because the printers are connected to the Internet and the firmware is updated automatically. Or a firmware update is sold as a security update, but also blocks third-party ink cartridges.
If it is stated on the packaging when the device is purchased that no third-party ink may be used, this is ok from a legal point of view. However, HP has also tried this in the past and blocked buyers from using third-party ink through firmware updates. There were then court rulings with compensation for damages. And so HP is always thinking of new ways to sell its printer ink – which is not worth its weight in gold – to men and women.
Sometimes it is alleged or existing differences in quality. Sometimes cartridges from other manufacturers allegedly break the devices or there are other problems that are conjured up. The latest justification, which I will present below, is the most stupid stylistic flourish I have heard so far.
We protect you from viruses
Due to the articles on problems with third-party ink cartridges here on borncity.com, my blogs act as a honeypot, so to speak. Mike has just posted this German comment on an article about such blocks. It was immediately clear to me yesterday what it was about and what probably triggered the comment. Because I came across the following tweet.
Ars Technica picked it up in this article, for example, because HP CEO Enrique Lores seems to have defended the controversial practice of blocking third-party ink cartridges in HP devices via firmware on January 18, 2024. The reasoning he gave in an interview with CNBC Television is simply crazy: "We've seen that you can embed viruses in the cartridges. Through the cartridge, [the virus] can get to the printer, [and then] from the printer to the network," he is quoted as saying by Ars Technica.
The background for this bizarre statement may be another lawsuit against HP's Dynamic Security system, which is responsible for blocking third-party ink. Dynamic Security prevents HP printers from working if an ink cartridge without an HP chip or HP electronics is used.
In the new lawsuit, which will be brought as a class action, the plaintiffs allege that HP printer purchasers were not informed that firmware updates for these devices, released in late 2022 and early 2023, could cause the printers to not work with third-party ink. The lawsuit seeks damages and an injunction preventing HP from releasing printer updates that block ink cartridges without an HP chip.
Are hacked ink cartridges really a problem? Ars Technica security editor Dan Goodin says he's not aware of any actively used attacks where a cartridge can be used to infect a printer. Goodin posed the question on Mastodon , and the responding cybersecurity experts, many of whom have experience hacking embedded devices, were decidedly skeptical, Ars Technica writes. The HP CEO's reasoning is therefore more likely to be high-level blathering in order to avoid any legal exposure during the trial.
As part of the company's bug bounty program, researchers from Bugcrowd were tasked with finding out whether it is possible to use an ink cartridge as a cyberthreat. HP argued that the ink cartridges' microcontroller chips, which are used to communicate with the printer, could be a gateway for attacks. This article from 2022 mentions the theoretical possibility that something like this could work – but in practice, this is unlikely to play a role. HP is also not aware of any cases where this has been exploited. There are also easier ways for attackers, imho.
Ars Technica has analyzed and classified it. HP has found a theoretical way in which ink cartridges can be hacked. The announcement of a bug bounty to identify such a risk is considered reasonable. But Ars Technica points out that HP's solution to this threat was implemented before the threat was proven.
- HP began using Dynamic Security on its printers in 2016.
- HP launched its Bug Bounty program for ink cartridges in 2020.
- Then in 2022, the above study was published.
And now HP claims that Dynamic Security was introduced to solve a problem that was only proven to exist years later. Which brings us back to what the fuck (WTF).
Similar article:
HP printer firmware disables refill ink cartridges
HP apologizes, new firmware update for printers soon
HP: New printer firmware re-enables refill ink cartridges
Firmware Update blocks again non HP Printer Cartridges
Is a HP Firmware Update blocking again Third Party Ink Cartridges?
Does HP blocks 3rd party ink cartridges again on its printers (Jan. 2019)?
HP firmware update for ink/laser printers blocks third-party cartridges (Nov. 2020)
Hints for HP Printer Firmware Downgrade
HP ends Free Instant Ink subscription for new customers
Class action lawsuit against HP over blocked cartridges
HP printer: Firmware update again blocks third-party ink cartridges (2023)
HP Blacklisted for me