Printers already have a reputation for being a nuisance, but HP might be attempting to use cybersecurity concerns as a reason to make things worse, looping customers into buying a subscription service for ink.
The company’s CEO, Enrique Lores, recently addressed the controversy surrounding HP’s latest practice of bricking printers that utilize third-party ink. Lores explained to CNBC Television that third-party ink cartridges go against the Dynamic Security system engrained in many HP printers and can make the devices susceptible to viruses.
He also explained that HP’s long-term goal is to create a printing subscription service that customers must buy into, noting that the company loses money with its hardware, but its software and services are profitable.
“This is something we announced a few years ago that our goal was to reduce the number of what we call unprofitable customers,” Lores told CNBC Television. “Because every time a customer buys a printer, it’s an investment for us. We’re investing [in] that customer, and if this customer doesn’t print enough or doesn’t use our supplies, it’s a bad investment.”
Frustrated HP consumers have already taken the class action lawsuit route.
Currently, the Dynamic Security system includes chips or circuitry in the brand’s ink cartridges, which allow HP printers to identify their companion accessories and work at optimum capacity. HP has also used these chips to disable printers from working through software updates when third-party ink cartridges are installed, according to Ars Technica.
Frustrated HP consumers have already taken the class action lawsuit route, claiming they were unaware that firmware updates sent to their HP printers between 2022 and early 2023 would negatively affect the functionality of the products due to using third-party ink cartridges. In addition to monetary compensation, the lawsuit asks that HP refrain from deploying firmware updates that render consumers’ products useless.
In response to Lores’ comments, the customizable laptop maker Framework joked on X (formerly Twitter), “We really, really don’t want to have to make a printer, but wow.”
We really, really don’t want to have to make a printer, but wow. https://t.co/csPXU7oRUK
— Framework (@FrameworkPuter) January 25, 2024
HP argues that research has shown that third-party ink cartridges can be a potential gateway for printers being infected with malware. The study, conducted by research firm Actionable Intelligence, demonstrated that HP’s Dynamic Security system blocked a printer from being hacked while bad actors overtook a printer with a third-party ink cartridge. The research found that malware still existed on the printer even when the infected cartridge was removed.
However, HP admitted that the research was largely hypothetical, adding that even if such an attack happened, it would likely be aimed at high-profile victims due to the level of resources and skills it would require. Everyday consumers and businesses would be low on the threat list. Furthering the unlikelihood of such an attack, Ars Technica spoke to cybersecurity professionals via the social media platform Mastodon and Graham Sutherland, known as Polynomial, noted that the task HP has described is “wildly implausible even in a lab setting.”
Though bad actors are becoming increasingly craftier with their methods of attack, there seem to be simpler ways to cause security threats, such as hacking unchecked software vulnerabilities.
For example, an April 2023 study of enterprise routers sold secondhand to online resellers uncovered many of the devices were not factory reset and wiped of their data before being sold, making them a source of serious security concern.
The publication pieced together that HP appears more interested in building a profitable ecosystem around its printer brand and less about actual security. It noted that the brand began using its Dynamic Security system in 2016, but its research dates to 2022. Additionally, HP established a bug bounty program in 2020, which has largely been aimed at identifying third-party cartridges, which it claims violate its intellectual property (IP) and is another argument for bricking consumers’ printers. While proclaiming that the brand cannot guarantee the safety of third-party ink cartridges, the aim might be to nudge consumers toward using HP ink exclusively.
Consumers have not taken well to the matter. The brand has faced and settled several prior lawsuits due to preventing functions on printers when customers aren’t using HP ink, having already paid millions of dollars. In addition to the most recent class action lawsuit, many have begun avoiding firmware updates to their printers and advising other users to do the same.
As noted by Ars Technica, while it might seem like a simple solution to avoid printers from being bricked, it is also a challenge because these users might miss out on important updates that are actually vital for security.