HP To Issue 'Optional Firmware Update' Allowing 3rd-Party Ink

Soon after the Electronic Frontier Foundation (EFF) issued a letter to HP, calling for them to apologize to customers for releasing firmware that prevents the use of non-HP ink cartridges and refilled HP cartridges, the company has responded with a temporary solution. HP "will issue an optional firmware update that will remove the dynamic security feature" for certain OfficeJet printers. Ars Technica reports: HP made its announcement in a blog post titled "Dedicated to the best printing experience." "We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP," the company said. The recent firmware update for HP OfficeJet Pro, and OfficeJet Pro X printers "included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned," HP said. For customers who don't wish to be protected from the ability to buy less expensive ink cartridges, HP said it "will issue an optional firmware update that will remove the dynamic security feature. We expect the update to be ready within two weeks and will provide details here." This customer-friendly move may just be a one-time thing. HP said it will continue to use security features that "protect our IP including authentication methods that may prevent some third-party supplies from working." Without the optional firmware update, printers will only be able to use third-party ink cartridges that have an "original HP security chip," the company said.

So, the fascist douchehammers stepped back.

Interesting. I like the hurt tone of the press release. "We're just trying to protect you from your cheap piratatical impulses. You could catch something horrible from those illegal immoral filthy aftermarket cartridges, and when you buy one of those things your money goes straight to ISIS' Fund for Killing Adorable Puppies. But whatever, you cretinous monkeys, if you want to hate Freedom and break all the laws of Nature and This Great Country, go ahead and download this new firmware. Download and be damned!"

Re:So, the fascist douchehammers stepped back.

I love this contorted verbiage...

" For customers who don't wish to be protected from the ability to buy less expensive ink cartridges"

Oh please protect me from the ability to sav3e money !

The only thing "protected" is profit

[Dr_b_]

If you didnt spend so much $ on putting security chips in your ink cartridges then maybe you could sell them for less $. Ink is a commodity, if someone wants to put generic ink in their machine, it should not be an intellectual property crime to do so, but since you sell the printers at a loss and make all of your $ on ink sales, maybe you need to rethink your business model. What's next people? Coffee machines that prevent you from using your own coffee that didn't come from the manufacturer of the coffee machine?

Maybe my next printer won't be an HP

[lbates_35476]

I've been a loyal seller, fan, user of HP printers since the first HP Laserjet. This has made me pause to think perhaps my next printer won't be an HP. To HP: I don't need or require your protection. If I purchase a non-HP ink cartridge and it doesn't work properly, I'll get burned and will then purchase your cartridges. If I find that other (lower cost) cartridges work just fine, I'll use them and you will learn to be more competitive.

It's not a security chip!

It's a fuck you chip to use any other cartridge or ink in 'your' printer.
The chip is largely a joke to the consumers and is purely for anti-competetive practices.

Fuck you HP

Why...

[ewhenn]

Serious question - why does your printer have access to the Internet? This is poor security protocol. Proper security is to drop traffic by default, white list what you need. You never truly know what your devices will try to do. As an example, I installed security cameras outside my home and linked them to a linux based PVR for the interface/recording. I noticed that my firewall was dropping tons of data from the IPs assigned to the cameras. A quick dump of the traffic uncovered all cameras trying to connect out to a pair of IPs hosted on amazonaws. I never asked or gave consent for this to happen. The same thing would go with a printer, I don't want it to have access to the Internet. The only thing I want it to do is to print pages I send to it. It doesn't need to update firmware unless I manually push it, in which case I'd have a pretty damn good reason - which wouldn't include limiting my ink cartridge choices. For reference, here is a data dump from one of those cameras.

master@EdgeRouter:~$ sudo tcpdump -i eth0 host 192.168.1.248
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:13:46.947684 IP 192.168.1.248.58611 > 192.168.1.1.domain: 895+ A? www.nwsvr1.com. (32)
22:13:46.948215 IP 192.168.1.1.domain > 192.168.1.248.58611: 895 1/0/0 A 54.247.103.91 (48)
22:13:46.996373 IP 192.168.1.248.33102 > 239.255.255.250.1900: UDP, length 421
22:13:48.191871 IP 192.168.1.248.14620 > ec2-54-245-98-57.us-west-2.compute.amazonaws.com.32100: UDP, length 4
22:13:48.192026 IP 192.168.1.248.14620 > 123.56.159.92.32100: UDP, length 4
22:13:48.192104 IP 192.168.1.248.14620 > ec2-54-217-201-148.eu-west-1.compute.amazonaws.com.32100: UDP, length 4


Do you want your devices to serve you, or do you want your devices to serve the device maker and their will? It might seem extreme to some but as far as I'm concerned the only sane thing to do is treat *every* device as hostile until you know otherwise, drop all packets with a hardware firewall by default, and only approve the traffic you want to go out.