EFF tells HP to roll back crippling firmware update that bricked printers
EFF slams manufacturer for making printers incompatible with third-party ink cartridges.
HP has been told to "make amends" for purposefully crippling customers' printers for using ink from other manufacturers. The Electronic Frontier Foundation (EFF) has called on HP to roll back a firmware update that prevents its printers working with non-HP ink cartridges and publicly apologise for deceiving customers.
Earlier in September, HP customers received error messages on their printers informing them that their ink cartridges were damaged. It soon transpired that HP had activated a kill-switch of sorts lying dormant in its printer firmware that would render a printer useless if a third-party ink cartridge was detected.
While HP claimed the feature was designed to protect its intellectual properties, customers reported that even refilled HP cartridges had been rendered useless. This meant that the only way to restore functionality to their printers was to pay for new, more expensive cartridges made by HP.
In an open letter HP CEO Dion Weisler, Cory Doctorow, EFF Special Advisor, chastised the manufacturer for attempting to monopolise pricing and abusing its security update mechanism in order to trick customers.
"HP customers should be able to use the ink of their choosing in their printers for the same reason that customers should be able to choose whose bread goes in their toasters," said Doctorow. "HP customers should choose HP ink because it is the best, not because their printer won't work with a competitor's brand."
"By giving tens of millions of your customers a reason to mistrust your updates, you've put them at risk of future infections that could compromise their business and home networks, their sensitive data, and the gadgets that share their network with their printers, from baby monitors to thermostats."
A wolf in sheep's clothing
Doctorow also pointed out that HP failed to disclose that its printers would stop working with non-compliant ink cartridges, despite knowing about it for months. He claimed that the activation of the so-called anti-feature had been disguised as a security update in order to fool customers.
"The software update that prevented the use of third-party ink was reportedly distributed in March, but this anti-feature itself wasn't activated until September. That means that HP knew, for at least six months, that some of its customers were buying your products because they believed they were compatible with any manufacturer's ink, while you had already planted a countdown timer in their property that would take this feature away.
"Your customers will have replaced their existing printers, or made purchasing recommendations to friends who trusted them on this basis. They are now left with a less useful printer — and possibly a stockpile of useless third-party ink cartridges."
The EFF has advised HP to immediately begin corrective measures in order to "repair the damage it has done to its reputation and the public's trust." This includes apologising to customers and restoring original functionality to their printers and committing to never again distributing similar anti-features via firmware updates.
HP must in future fully disclose the full effects of any planned software updates, including any intentions to remove capabilities from devices, the Foundation said.
Doctorow added that HP's use of a technical countermeasure to exclude other-label ink cartridges suggested the manufacturer might invoke Section 1201 of the Digital Millennium Copyright Act, which makes it illegal to bypass measures that control access to copyrighted works.
'Catastrophic security vulnerabilities'
The EFF therefore requested that HP promise never to invoke Section 1201, as it would mean that that security researchers would be put off from disclosing vulnerabilities in HP's products and face legal consequences if they did.
Doctorow said: "HP printers, like most other networked computers, have suffered well-documented, catastrophic security vulnerabilities that exposed customers' whole networks to attacks...given the history of attacks on printers, and the widespread distribution of your products, this is the last thing you should want."
When approached by IBTimes UK, HP offered the following response: "HP is constantly improving security for its products and customers. The purpose of this update is to protect HP's innovations and intellectual property. These printers will continue to work with refilled or remanufactured cartridges with an Original HP security chip.
"Other cartridges may not function. In many cases this functionality was installed in the HP printer and in some cases it has been implemented as part of an update to the printer's firmware."
An official HP 940XL four-pack of cartridges has a RRP of £115.50 on Amazon. Generic OfficeWorld 940XL cartridge four-packs are available for £13.99.
© Copyright IBTimes 2024. All rights reserved.