Final October, HP Inc issued an over-the-air firmware replace to its printers that contained a Trojan Horse of the corporate’s personal making. The replace conned printer homeowners into accepting the replace by saying that it was an anti-virus replace. As an alternative, the replace reconfigured the printers’ cartridge-reading routines in order that they might brick the printer in the event that they detected a non-HP ink cartridge. This Trojan slumbered silently in my spouse’s OfficeJet Professional 6978 printer till early December once I inserted a black 902XL ink cartridge from 3rd-party ink producer LxTek. The printer then rejected the brand new ink cartridge and refused to print. As an alternative, the printer displayed an error message and demanded a real HP cartridge. Observe that this 3rd-party cartridge got here from {a partially} empty field. Cartridges taken from this similar field earlier than the firmware replace labored tremendous.
My spouse’s printer was now bricked, till I eliminated the brand new ink cartridge and changed it with the older, empty ink cartridge. As an alternative of shopping for a brand new HP cartridge, I drilled into the LxTek cartridge and used a syringe to extract ink from the brand new cartridge to refill the previous cartridge that didn’t brick the printer. I misplaced half of the ink within the course of however not less than I used to be capable of unbrick the printer in lower than an hour.
Earlier than I elaborate on HP Inc’s clumsy try to carry my spouse’s printer hostage, I wish to laud LxTek’s conduct. Good earlier than dangerous. After I transferred the black ink from LxTek’s cartridge to the working cartridge, I contacted LxTek and defined what occurred. A day later, LxTek replied to my e-mail. Right here’s the corporate’s reply:
“Thanks to your buy and we apologize for the inconvenience.
“HP firm has up to date their printer fashions that use 902 ink cartridges. I’m afraid this recognition problems with the ink cartridge is brought on by the Oct. printer replace. We will’t management the printer improve, which is a method for the OEM vendor to withstand our third-party vendor.
“However please word that your satisfaction is our first precedence. We’ll attempt our greatest to offer first-class after-sales companies to compensate for the inconvenience.
“Please tell us the amount and shade of the not working gadgets. We’ll situation a alternative for the not working gadgets. The brand new reissue product can be utilized usually, please relaxation assured.”
True to their phrase, LxTek shipped a alternative the following day. That’s the form of firm all of us want to patronize.
Now, for HP Inc. Earlier than making my case, permit me to offer a few of my very own background. I labored as a design engineer for the Hewlett-Packard Firm (HP) in Loveland, Colorado from 1975 to 1980. Again then, Invoice Hewlett and Dave Packard nonetheless ran the corporate. Integrity with clients was a prime precedence for them as a result of their names appeared on the signal over the door. Company integrity was drilled into each new worker. It was my first job as an engineer and Invoice’s and Dave’s ethics stick with me immediately, virtually 50 years later. Right here’s what Packard wrote about company accountability in his guide, “The HP Means”:
“As we speak, Hewlett-Packard operates in many various communities all through the world. We stress to our individuals that every of those communities have to be higher for our presence. This implies being delicate to the wants and pursuits of the group; it means making use of the very best requirements of honesty and integrity to all {our relationships} with people and teams; it means enhancing and defending the bodily surroundings and constructing engaging vegetation and workplaces of which the group could be proud; it means contributing expertise, power, time, and monetary assist to group tasks.”
Throughout my time at HP, engineers from HP Labs in Palo Alto, California visited Loveland to demo a brand new thermal inkjet printing expertise they’d developed. That expertise grew to become the premise for HP’s ThinkJet printers and for all of the HP inkjet printers to comply with. My spouse’s OfficeJet Professional 6978 printer is a latest descendant of the unique ThinkJet printers. Once I purchase an HP printer, I’m rooting for my house group. That’s why I’m so disillusioned and forlorn about this newest try by HP Inc to extort cash from its clients.
HP has by no means favored 3rd-party cartridges for its inkjet and laser printers, with good cause. An outsized chunk of the corporate’s earnings come from the sale of its printer consumables, which incorporates ink and toner cartridges. To make it troublesome for different corporations to fabricate alternative ink and toner cartridges for its printers, HP began to put in ICs in small circuit boards bonded to the cartridges. HP Inc carried out the newest model of this expertise, euphemistically referred to as Dynamic Safety, in 2016. The corporate’s newer printers learn info from these chips to assist determine real HP cartridges, however 3rd-party distributors have turn into adept at circumventing these measures with countermeasures. HP has been sued a number of occasions for its anti-competitive observe of placing and amending these countermeasures.
The most recent firmware replace to Dynamic Safety occurred in October. HP conned its printer clients into accepting the firmware replace by claiming it was including antivirus safety to the printer. Who wouldn’t need that? As an alternative, the firmware replace contained HP Trojan Horse code that will invalidate 3rd-party ink cartridges by fully bricking the printer. (My pal Ron Sartore simply encountered this downside as nicely. He thinks that HP Inc’s Dynamic Safety is little greater than ransomware.)
HP Inc’s duplicity on this matter goes all the best way to the highest. In a January 18 video interview on CNBC’s “Squawk Field” earlier this 12 months, right here’s what HP CEO Enrique Lores needed to say about this matter:
“I believe for us, you will need to shield our IP. There may be quite a lot of IP we construct within the ink, in printers themselves. And what we’re doing is, once we determine cartridges which can be violating our IP, we cease the printer from working.” (Added emphasis is mine)
There are methods to defend IP. Authorized methods involving civil lawsuits and courts. These don’t seem like the methods HP Inc needs to make use of on this state of affairs. On this video interview, Lores justifies waging struggle towards 3rd-party consumables suppliers by weaponizing printers bought by HP’s clients. Apparently, he views clients as collateral injury.
Throughout this interview, Lores defined that HP makes use of the razor-razorblade mannequin, a pricing tactic developed by King Camp Gillette within the early 1900s for his private grooming merchandise. This enterprise mannequin depends upon promoting a consumable (razor blades or ink cartridges) at a excessive revenue whereas promoting the dependent good (a razor or printer) at a loss and even giving it away totally free. The consumables generate the earnings. Gillette nonetheless employs this enterprise mannequin.
We purchased our OfficeJet Professional 6978 printer from Amazon for $181.46 in early 2022. Since then, HP Inc seems to have practically doubled the printer’s value. Once I seemed on the printer itemizing on Amazon whereas writing this text, I noticed that it was now listed for $350. HP Inc’s not giving these printers away. Now, I’ve spent as a lot as $5000 on laptop printers method again within the Nineteen Eighties, again when printers had been fabricated from steel and used ribbons as an alternative of ink or toner cartridges. However as of late, printers value a lot much less as a result of they’re fabricated from plastic and since electronics have gotten a lot cheaper. Right here’s what Lores stated about the price of HP printers throughout his CNBC interview:
“[It’s] a part of the enterprise mannequin developed over time. We promote our printers and make it clear the printers had been for HP provides. We made it very clear from the start.”
I don’t appear to recollect getting that individual message from HP, though I by no means doubted that the corporate would like for me to make use of HP ink cartridges. Later throughout the interview, Lores said that individuals who purchase HP printers however then use 3rd-party cartridges are “dangerous clients.” He elaborated:
“A buyer buys a printer, it’s an funding for us. We’re investing on [sic] this buyer. And never utilizing our provides, it’s a nasty funding [for HP].”
CEO Lores then telegraphed true intent in direction of the tip of his CNBC interview:
“Our purpose is to scale back the variety of unprofitable clients… IT [information technology] has turn into very troublesome. One of many roads we see is how can we make it simple to unravel issues like [paper jams], and we now have a service to allow that. But additionally, as we shift the enterprise to a subscription [model], not just for printers however PCs and the remainder of the merchandise that we construct, that will likely be an excellent higher [way to solve these problems].”
Now, to be honest, revenue and IP safety usually are not HP Inc’s sole justifications for inserting the Trojan Horse firmware replace into its printers. The corporate claims that it’s potential for hackers to show ink cartridges into cyberthreats by inserting viruses in an ink or toner cartridge. These viruses can one way or the other infect the printer’s firmware via the built-in microprocessor and might then escape into PCs on the identical community. To me, this assertion displays a elementary lack of awareness with respect to the varied microprocessors and connections concerned on this chain.
For proof of its assertion, HP Inc cites an article printed on a web site referred to as “Actionable Intelligence” and titled “HP Bug Bounty Program Finds Reprogrammable Chips Open Printers to Malware.” The article is dated October 5, 2022 and says {that a} 3rd-party hacker working beneath the auspices of HP Inc’s Bug Bounty program was capable of inject malware from a 3rd-party ink cartridge with a reprogrammable safety chip right into a printer by exploiting a buffer-overflow bug in HP’s Dynamic Safety firmware. HP Inc says that its ink cartridges usually are not reprogrammable, to allow them to’t be adulterated with viruses or malware.
HP Inc’s resolution to this potential malware menace from 3rd-party cartridges was to situation a number of firmware updates in order that its printers would lock up upon seeing a 3rd-party ink cartridge in a printer. The printer stays unusable till the threerd-party cartridge is changed by a real HP cartridge. A number of firmware updates are required as a result of 3rd-party distributors have gotten adept at circumventing HP Inc’s Dynamic Safety countermeasures, utilizing the pliability and fast-turn capabilities of the reprogrammable chips of their ink cartridges.
Observe that this malware vulnerability is constructed into HP’s Dynamic Safety firmware, which communicates with the ink cartridges, so HP created this example by including Dynamic Safety to the printer within the first place. There’s no different cause for the printer to speak with the chip on the 902XL ink cartridge, which is only a dumb plastic container full of ink.
The severity of this downside fully escapes me. The printer is in whole management of the ink cartridge. Easy mechanisms have existed for many years to forestall buffer-overflow exploits, that are well-known, well-understood software program vulnerabilities. However past that, why would anybody implement a cartridge safety system utilizing a susceptible message-passing protocol as an alternative of merely studying an ID code from the cartridge? There’s zero chance of a buffer overflow if the firmware reads precisely the variety of bytes in a legitimate ID. There are numerous questions on this Dynamic Safety firmware from an engineering perspective. If one in every of your printers manages to suck a virus out of a 3rd-party ink cartridge, HP, that’s on you.
It might not shock you to seek out out {that a} class-action lawsuit was filed on January 5 towards HP Inc with the US District Courtroom within the Northern District of Illinois for the corporate’s newest “antivirus” firmware replace that bricks HP printers. In its introduction, the lawsuit submitting states:
“It is a class motion introduced towards HP, Inc., for requiring customers who had bought sure manufacturers of printers to make use of solely HP-branded alternative ink cartridges, relatively than buying ink replacements from its opponents. HP completed this via firmware updates it distributed electronically to all registered homeowners of the printers at situation on this case in late 2022 and early 2023, which successfully disabled the printer if the consumer put in a alternative ink cartridge that was not HP-branded. In the identical time interval, HP raised costs on the HP-branded alternative ink cartridges. In impact, HP used the software program replace to create a monopoly within the aftermarket for alternative cartridges, allowing it to boost costs with out concern of being undercut by opponents.”
Little doubt, CEO Lores’s CNBC interview justifying HP’s actions on this matter will likely be submitted to the court docket by the plaintiffs’s attorneys as proof of intent. HP Inc’s board of administrators may wish to talk about the knowledge of permitting CEO Lores in entrance of a digicam once more, not less than till he will get some primary PR coaching.
I’ve no illusions that HP Inc shouldn’t be the HP that employed me half a century in the past. Nevertheless, as an ex-HPite and a now-designated “dangerous buyer” for HP Inc, I’d guess that Invoice and Dave are spinning of their graves proper about now due to what’s occurred to their firm.. Hopefully, they’re spinning quick sufficient to generate some gentle at HP Inc’s headquarters in Palo Alto.
Associated
