feature article
Subscribe Now

HP Inc tries to brick my wife’s printer. CEO approves and calls people like me “bad customers” on CNBC.

Last October, HP Inc issued an over-the-air firmware update to its printers that contained a Trojan Horse of the company’s own making. The update conned printer owners into accepting the update by saying that it was an anti-virus update. Instead, the update reconfigured the printers’ cartridge-reading routines so that they would brick the printer if they detected a non-HP ink cartridge. This Trojan slumbered silently in my wife’s OfficeJet Pro 6978 printer until early December when I inserted a black 902XL ink cartridge from 3rd-party ink manufacturer LxTek. The printer then rejected the new ink cartridge and refused to print. Instead, the printer displayed an error message and demanded a genuine HP cartridge. Note that this 3rd-party cartridge came from a partially empty box. Cartridges taken from this same box before the firmware update worked fine.

My wife’s printer was now bricked, until I removed the new ink cartridge and replaced it with the older, empty ink cartridge. Instead of buying a new HP cartridge, I drilled into the LxTek cartridge and used a syringe to extract ink from the new cartridge to refill the old cartridge that did not brick the printer. I lost half of the ink in the process but at least I was able to unbrick the printer in less than an hour.

Before I elaborate on HP Inc’s clumsy attempt to hold my wife’s printer hostage, I want to laud LxTek’s behavior. Good before bad. After I transferred the black ink from LxTek’s cartridge to the working cartridge, I contacted LxTek and explained what happened. A day later, LxTek replied to my email. Here’s the company’s reply:

“Thank you for your purchase and we apologize for the inconvenience.

“HP company has updated their printer models that use 902 ink cartridges. I am afraid this recognition issues of the ink cartridge is caused by the Oct. printer update. We can’t control the printer upgrade, which is a way for the OEM seller to resist our third-party seller.

“But please note that your satisfaction is our first priority. We will try our best to provide first-class after-sales services to compensate for the inconvenience.

“Please let us know the quantity and color of the not working items. We will issue a replacement for the not working items. The new reissue product can be used normally, please rest assured.”

True to their word, LxTek shipped a replacement the next day. That’s the sort of company we all wish to patronize.

Now, for HP Inc. Before making my case, allow me to provide some of my own background. I worked as a design engineer for the Hewlett-Packard Company (HP) in Loveland, Colorado from 1975 to 1980. Back then, Bill Hewlett and Dave Packard still ran the company. Integrity with customers was a top priority for them because their names appeared on the sign over the door. Corporate integrity was drilled into every new employee. It was my first job as an engineer and Bill’s and Dave’s ethics stay with me today, almost 50 years later. Here’s what Packard wrote about corporate responsibility in his book, “The HP Way”:

“Today, Hewlett-Packard operates in many different communities throughout the world. We stress to our people that each of these communities must be better for our presence. This means being sensitive to the needs and interests of the community; it means applying the highest standards of honesty and integrity to all our relationships with individuals and groups; it means enhancing and protecting the physical environment and building attractive plants and offices of which the community can be proud; it means contributing talent, energy, time, and financial support to community projects.”

During my time at HP, engineers from HP Labs in Palo Alto, California visited Loveland to demo a new thermal inkjet printing technology they’d developed. That technology became the basis for HP’s ThinkJet printers and for all the HP inkjet printers to follow. My wife’s OfficeJet Pro 6978 printer is a recent descendant of the original ThinkJet printers. When I buy an HP printer, I’m rooting for my home team. That’s why I am so disappointed and forlorn about this latest attempt by HP Inc to extort money from its customers.

HP has never liked 3rd-party cartridges for its inkjet and laser printers, with good reason. An outsized chunk of the company’s profits come from the sale of its printer consumables, which includes ink and toner cartridges. To make it difficult for other companies to manufacture replacement ink and toner cartridges for its printers, HP started to install ICs in small circuit boards bonded to the cartridges. HP Inc implemented the latest version of this technology, euphemistically called Dynamic Security, in 2016. The company’s newer printers read information from these chips to help identify genuine HP cartridges, but 3rd-party vendors have become adept at circumventing these measures with countermeasures. HP has been sued multiple times for its anti-competitive practice of putting and amending these countermeasures.

The latest firmware update to Dynamic Security took place in October. HP conned its printer customers into accepting the firmware update by claiming it was adding antivirus protection to the printer. Who wouldn’t want that? Instead, the firmware update contained HP Trojan Horse code that would invalidate 3rd-party ink cartridges by completely bricking the printer. (My friend Ron Sartore just encountered this problem as well. He thinks that HP Inc’s Dynamic Security is little more than ransomware.)

HP Inc’s duplicity in this matter goes all the way to the top. In a January 18 video interview on CNBC’s “Squawk Box” earlier this year, here’s what HP CEO Enrique Lores had to say about this matter:

“I think for us, it is important to protect our IP. There is a lot of IP we build in the ink, in printers themselves. And what we’re doing is, when we identify cartridges that are violating our IP, we stop the printer from working.” (Added emphasis is mine)

There are ways to defend IP. Legal ways involving civil lawsuits and courts. Those don’t appear to be the ways HP Inc wants to use in this situation. In this video interview, Lores justifies waging war against 3rd-party consumables suppliers by weaponizing printers purchased by HP’s customers. Apparently, he views customers as collateral damage.

During this interview, Lores explained that HP uses the razor-razorblade model, a pricing tactic developed by King Camp Gillette in the early 1900s for his personal grooming products. This business model depends on selling a consumable (razor blades or ink cartridges) at a high profit while selling the dependent good (a razor or printer) at a loss or even giving it away for free. The consumables generate the profits. Gillette still employs this business model.

We bought our OfficeJet Pro 6978 printer from Amazon for $181.46 in early 2022. Since then, HP Inc appears to have nearly doubled the printer’s price. When I looked at the printer listing on Amazon while writing this article, I saw that it was now listed for $350. HP Inc’s not giving these printers away. Now, I’ve spent as much as $5000 on computer printers way back in the 1980s, back when printers were made of metal and used ribbons instead of ink or toner cartridges. But these days, printers cost much less because they’re made of plastic and because electronics have gotten much less expensive. Here’s what Lores said about the cost of HP printers during his CNBC interview:

“[It’s] part of the business model developed over time. We sell our printers and make it clear the printers were for HP supplies. We made it very clear from the beginning.”

I don’t seem to remember getting that particular message from HP, although I never doubted that the company would prefer for me to use HP ink cartridges. Later during the interview, Lores stated that people who buy HP printers but then use 3rd-party cartridges are “bad customers.” He elaborated:

“A customer buys a printer, it’s an investment for us. We’re investing on [sic] this customer. And not using our supplies, it’s a bad investment [for HP].”

CEO Lores then telegraphed true intent towards the end of his CNBC interview:

“Our goal is to reduce the number of unprofitable customers… IT [information technology] has become very difficult. One of the roads we see is how do we make it easy to solve problems like [paper jams], and we have a service to enable that. But also, as we shift the business to a subscription [model], not only for printers but PCs and the rest of the products that we build, that will be an even better [way to solve these problems].”

Now, to be fair, profit and IP protection are not HP Inc’s sole justifications for inserting the Trojan Horse firmware update into its printers. The company claims that it’s possible for hackers to turn ink cartridges into cyberthreats by inserting viruses in an ink or toner cartridge. These viruses can somehow infect the printer’s firmware through the integrated microprocessor and can then escape into PCs on the same network. To me, this statement reflects a fundamental lack of understanding with respect to the various microprocessors and connections involved in this chain.

For proof of its assertion, HP Inc cites an article published on a site called “Actionable Intelligence” and titled “HP Bug Bounty Program Finds Reprogrammable Chips Open Printers to Malware.” The article is dated October 5, 2022 and says that a 3rd-party hacker working under the auspices of HP Inc’s Bug Bounty program was able to inject malware from a 3rd-party ink cartridge with a reprogrammable security chip into a printer by exploiting a buffer-overflow bug in HP’s Dynamic Security firmware. HP Inc says that its ink cartridges are not reprogrammable, so they can’t be adulterated with viruses or malware.

HP Inc’s solution to this potential malware threat from 3rd-party cartridges was to issue multiple firmware updates so that its printers would lock up upon seeing a 3rd-party ink cartridge in a printer. The printer remains unusable until the 3rd-party cartridge is replaced by a genuine HP cartridge. Multiple firmware updates are required because 3rd-party vendors have gotten adept at circumventing HP Inc’s Dynamic Security countermeasures, using the flexibility and fast-turn capabilities of the reprogrammable chips in their ink cartridges.

Note that this malware vulnerability is built into HP’s Dynamic Security firmware, which communicates with the ink cartridges, so HP created this situation by adding Dynamic Security to the printer in the first place. There’s no other reason for the printer to communicate with the chip on the 902XL ink cartridge, which is just a dumb plastic container filled with ink.

The severity of this problem completely escapes me. The printer is in total control of the ink cartridge. Simple mechanisms have existed for decades to prevent buffer-overflow exploits, which are well-known, well-understood software vulnerabilities. But beyond that, why would anyone implement a cartridge security system using a vulnerable message-passing protocol instead of simply reading an ID code from the cartridge? There’s zero possibility of a buffer overflow if the firmware reads exactly the number of bytes in a valid ID. There are many questions about this Dynamic Security firmware from an engineering perspective. If one of your printers manages to suck a virus out of a 3rd-party ink cartridge, HP, that’s on you.

It may not surprise you to find out that a class-action lawsuit was filed on January 5 against HP Inc with the US District Court in the Northern District of Illinois for the company’s latest “antivirus” firmware update that bricks HP printers. In its introduction, the lawsuit filing states:

“This is a class action brought against HP, Inc., for requiring consumers who had purchased certain brands of printers to use only HP-branded replacement ink cartridges, rather than purchasing ink replacements from its competitors. HP accomplished this through firmware updates it distributed electronically to all registered owners of the printers at issue in this case in late 2022 and early 2023, which effectively disabled the printer if the user installed a replacement ink cartridge that was not HP-branded. In the same time period, HP raised prices on the HP-branded replacement ink cartridges. In effect, HP used the software update to create a monopoly in the aftermarket for replacement cartridges, permitting it to raise prices without fear of being undercut by competitors.”

No doubt, CEO Lores’s CNBC interview justifying HP’s actions in this matter will be submitted to the court by the plaintiffs’s attorneys as evidence of intent. HP Inc’s board of directors might want to discuss the wisdom of allowing CEO Lores in front of a camera again, at least until he gets some basic PR training.

I’ve no illusions that HP Inc is not the HP that employed me half a century ago. However, as an ex-HPite and a now-designated “bad customer” for HP Inc, I’d guess that Bill and Dave are spinning in their graves right about now because of what’s happened to their company.. Hopefully, they’re spinning fast enough to generate some light at HP Inc’s headquarters in Palo Alto.

2 thoughts on “HP Inc tries to brick my wife’s printer. CEO approves and calls people like me “bad customers” on CNBC.”

  1. One word answer – EPSON.

    New inkjets are great, same with PrecisionCore head tech. Refillable cartridges are ultracheap and they work great. OEM ink is cheap. I have the same printer for 5 years now, still running on the same refillable cartridges set, except one or two. I think I replaced black and maybe cyan.

    But since whole set ( 4 cartridges) was like €10, I bought two. And half a liter worth of ink.
    All in all it was €60-ish with postage IIRC.

    Refill is SIMPLER than it would be to replace cartridges and there is usually no head cleaning involved.

  2. Stephen, I agree totally. They are not the only company bricking hardware and software. Include Apple, Microsoft, Adobe, and Quicken. There have been numerous court cases involving your exact printer cartridge issue. In all cases, the court sided with customers. There is a great deal of legal history regarding mfg control of products after sale. Sorry, once someone has purchased your product, “they own it,” and can do what they like. Mfg like to claim that you are “licensing software for use” under their license terms. NO. I buy a Mac or a printer, I own it, despite what is on pare 186 of their “license agreement.”

    Bricking updates are common. They are always misrepresented as “security updates.”

    We had a “Brother party,” where we threw a bricked printer off the second story, then sent the pieces in under warrantee.

    It is unfortunately the way of the world, today. If China does not steal it, which they will, the US companies will brick it. Maybe some hackers should try to brick all our satellites?

    – Kim Rubin

Leave a Reply

featured blogs
Apr 19, 2024
In today's rapidly evolving digital landscape, staying at the cutting edge is crucial to success. For MaxLinear, bridging the gap between firmware and hardware development has been pivotal. All of the company's products solve critical communication and high-frequency analysis...
Apr 18, 2024
Are you ready for a revolution in robotic technology (as opposed to a robotic revolution, of course)?...
Apr 18, 2024
See how Cisco accelerates library characterization and chip design with our cloud EDA tools, scaling access to SoC validation solutions and compute services.The post Cisco Accelerates Project Schedule by 66% Using Synopsys Cloud appeared first on Chip Design....

featured video

MaxLinear Integrates Analog & Digital Design in One Chip with Cadence 3D Solvers

Sponsored by Cadence Design Systems

MaxLinear has the unique capability of integrating analog and digital design on the same chip. Because of this, the team developed some interesting technology in the communication space. In the optical infrastructure domain, they created the first fully integrated 5nm CMOS PAM4 DSP. All their products solve critical communication and high-frequency analysis challenges.

Learn more about how MaxLinear is using Cadence’s Clarity 3D Solver and EMX Planar 3D Solver in their design process.

featured chalk talk

Accessing AWS IoT Services Securely over LTE-M
Developing a connected IoT design from scratch can be a complicated endeavor. In this episode of Chalk Talk, Amelia Dalton, Harald Kröll from u-blox, Lucio Di Jasio from AWS, and Rob Reynolds from SparkFun Electronics examine the details of the AWS IoT ExpressLink SARA-R5 starter kit. They explore the common IoT development design challenges that AWS IoT ExpressLink SARA-R5 starter kit is looking to solve and how you can get started using this kit in your next connected IoT design.
Oct 26, 2023