HP Continues its Cyber Scare Campaign over Chips
HP has made fresh claims that the microchips used in aftermarket printer cartridges may be a gateway for hackers to access the data of end users.
It was a claim HP made back in late 2020. Many saw that at the time as a “scare campaign” attempt by HP to win customers back, and away from the use of third-party supplies.
However, the scare campaign has re-emerged as HP attempts to remove choice from its customers wanting to use third-party supplies in their printers. The new claims go hand in hand with the alleged ongoing need for firmware upgrades that are another strategic tactic to prevent users from using third-party supplies, limiting consumer choice.
According to Actionable Intelligence, three key HP personnel recently and exclusively shared results from HP’s Bug Bounty program revealing third-party cartridges with a reprogrammable chip could be hacked.
Top-level staff allegedly reported that “hackers can use reprogrammable cartridge chips to gain a backdoor through printers to larger IT networks.” They revealed that a researcher in HP’s Bug Bounty program had managed to break into a printer using a third-party inkjet cartridge with a reprogrammable chip. Consequently, HP conducted firmware upgrades for its customers to remedy some found security flaws—in September 2022.
Flaws are in the Argument—Not the Chips
HP claims the third-party chips are vulnerable to hacking because they are “reprogrammable.” The reason they are reprogrammable, of course, is that HP continues to alter the code in its customers’ printers through stealthy firmware upgrades.
However, this is the point that is being overlooked: the chips in HP’s printers are also “reprogrammable” otherwise they would not be able to be upgraded.
If HP claims chips in printer cartridges are vulnerable to hackers because they are reprogrammable, then surely, logic suggests that their printers are also vulnerable to hacking because they contain “reprogrammable” chips too.
The top-level HP staff reported that the same researchers in HP’s Bug Bounty program had unsuccessfully tried to hack into HP’s robust printer chips. They failed. Consequently, HP claimed its chips contain enhanced security protections. That is good to know. HP’s customers can be comforted in knowing the sophisticated “reprogrammable” chips in their printers cannot be hacked.
It should also be noted that the researchers, developers, and manufacturers of third-party chips also conduct rigorous security testing to ensure information security. They invest extensively in maintaining the security of the chips they use in printer cartridges.
Following the recent firmware upgrades to printers, to plug the flaw mentioned above, HP staff were asked, “Well now that we have fixed it, are we good to go with non-HP cartridges?” The reply given was” “third-party chips may still pose a risk.”
The staff used the word “may” because, quite rightly, HP does not control third-party chips. But they could not convincingly argue that third-party chips were a risk either. Certainly no more than the “reprogrammable” chips used in the printer.
Why Do Printer OEMs Use Chips?
The aftermarket has continued to provide choices for consumers by offering third-party supplies. Globally, they have attracted a very lucrative 10% market share for color and up to 30% for monochrome consumables.
With the advent of smartphones and tablets, the demand for printing devices and supplies in the world’s two largest markets—North America and Western Europe—declined. Documents could be shared digitally and the decline in printed pages was not offset by the growth of printing in developing regions of Latin America, Central Europe, Asia and Africa.
The only way the OEMs could satisfy their shareholders was to grow their markets by clawing back the market share that was still being captured by the aftermarket.
Inkjet and toner cartridges have not always contained chips. Before 2000, no chips were used with toner or ink cartridges. The first chips were used on ink cartridges. They were very simple by today’s standards and were used by the printer OEMs to allegedly establish better communication between the cartridge and the printer to ensure a better user experience in terms of quality and page yield.
However, the aftermarket was immediately locked out. It did not have the chip technology capability to provide a solution for its remanufactured cartridges. The OEMs seemed to have “won” back their lost markets.
These chips have often been referred to as “killer chips” because they prevented the use of aftermarket cartridges that contained no chip or relied upon reusing the existing chip.
All the printer OEMs began to install chips in their supplies and consumers were forced to buy the more expensive OEM supplies. Trade associations sprung up in almost every country so aftermarket cartridge “remanufacturers” could work together to find solutions. Remanufacturers argued the killer chips were a threat to “choice” for consumers, who would be forced to use OEM cartridges only. But from an OEM perspective, the arguments fell on deaf ears.
The development of smarter, smaller chips continued and by 2015 they had become quite sophisticated. The use of chips had impeded the growth of the competing aftermarket supplies in the past and it could continue to do so with the newer chip designs that used sophisticated algorithms. The aftermarket spent significant resources of money and time to find workaround solutions and was able to keep third-party supplies as a viable alternative.
Why do OEMs Use Firmware Upgrades?
Printers were then deemed to be a gateway for hackers wanting to access personal, corporate and confidential data from companies and individuals. Beginning in March 2017, some OEMs began to launch firmware updates which were sent invisibly through the internet to change the coding in printers and cartridges. The OEMs argued these irregularly timed updates provided users with a better printing experience by providing dynamic security updates to prevent inappropriate hacking of data.
However, consumers found that their third-party cartridges failed after the firmware updates were activated. Again, frustrated users complained about being “locked out” by having cartridges that simply would not work.
Yet again, the aftermarket responded and developed strategies to update third-party supplies to enable them to be used. Convenient, innovative, environment-friendly and remote upgrade solutions were developed and launched to address the frequent firmware updates.
Consumers have had enough. Class action lawsuits and legal challenges have already provided some consumers with small wins against printer OEMs. You can expect to see more such cases taking place in the future if printer OEMs continue to “lock out” their customers from having a choice when it comes to supplies.
Please add your comments below about this news story, “HP Continues its Cyber Scare Campaign over Chips,” or join the conversation on social media.
David Gibbons has 45 years of experience, knowledge and skills in business (management, consultancy, strategic planning) and communication (teaching, event management, fundraising, journalism, broadcasting and new/digital media—social, website, app development). He started and ran a successful cartridge remanufacturing business in Sydney and was also the Executive Officer of the Australasian Cartridge Remanufacturers’ Association for 7 years.
In 2011, Gibbons relocated to RT Media in Zhuhai, China where he has been a director responsible for strategic planning, senior management, event planning, marketing, broadcasting and magazine publishing on behalf of the global imaging supplies industry.
His other blogs include:
- Using Chip Technology to Control Consumer Choice and Markets
- 5 Quick Questions: Investing in Your Supply Chain
- Are You the Missing Link in the Industry Chain Berto Asks
- 6 Quick Questions: E-commerce and the New Normal: Interview with Aaron Leon
- Bike Courier Services Boom in China During Coronavirus
- Meeting the Market’s Changing Demands: SCC Responds
- Dealing with Printer Firmware Upgrades: Megain’s Wang Hua
- Best Position Ever – Serving Customers During an Economic Slowdown
- Where were you in 2019? Everything is About to Change
- A Misplaced Australian in China – a different world view
- Have you seen the news?
- To Be? Or Not to Be? … But that’s NOT the Question
- What the Dickens? Americans used to abuse IP rights too.