Watch out: dangerous firmware upgrade HP printers rendering 3rd party cartridges useless

[stratman]

You can always try visiting Windows\System32\drivers\etc and locate this Host file and put in this blocking method.

Yes, you can create your own blacklist. But it could be far easier to use your firewall application to control data flow. Also, some maleware can change your Hosts file.

Example on how to use Norton Security's firewall to block traffic for specific applications:

Click on the Norton Security icon to bring up the main window. Click on Settings found at the top right of that window. Click on Firewall in the list. Click on Program Control. The list generated are all the applications you have installed that want access to the internet. You can Allow, Block, or Customize access for each item in the list. The trick is to block the application(s) in the list that do the phoning home for updates to your printer's firmware/software.

 

[stratman]

The HP firmware saga and how to prevent:

http://www.lifehacker.com.au/2016/0...placement-cartridges-for-its-inkjet-printers/

 

[websnail]

Did a bit of digging and one key way to block this sort of shenanigans with HP printers is to do a driver only installation of an early version of the driver and disable Web Services on your printer.

This seems to have saved the Pro-X551DW and 451DW I have working in the unit and in all honesty it's avoided all the bloat that HP include with their software packages anyway...

 

[websnail]

Write up from Actionable Intelligence on this here:
http://www.action-intell.com/2016/0...-disables-some-third-party-inkjet-cartridges/

One thing that's interesting and maybe relevant is that the Static Control chips are not affected whereas Apex types are, albeit those of an early manufacturing date... Apex apparently have a new version available but chances are high that there's a high percentage of old stock still out there, hence the sudden surge of "What the..." recently reported.

The bit that's particularly interesting though is that the firmware update seems to have come via the Windows 10 anniversary update rather than via HP itself.

I'm running a Win 10 setup here so not sure why my printers weren't affected but part of that may well be the points I made yesterday about disabling Web Services on the printers themselves and the fact that everything is on the network, not via USB.

Chances of me testing this theory further? Not likely mate

 

[stratman]

everything is on the network, not via USB.

WAN, LAN, WiFi???

The key is blocking the printer from phoning home by whichever method is chosen.

The bit that's particularly interesting though is that the firmware update seems to have come via the Windows 10 anniversary update rather than via HP itself.

I'm running a Win 10 setup here so not sure why my printers weren't affected

Did you install the Anniversary update??

You may not be able to block the printer firmware update IF the update is delivered as a MS Win 10 update. The Enterprise edition of Win 10 can block all updates. Other versions of Win 10, at least the Pro version that I know, you can delay certain updates for several months. but eventually they will be installed. Certain other updates will not be delayed because MS finds them too important to be overridden at all. However, you can uninstall an offending MS update and block it from being reinstalled in Win 10.

All updates are recorded and you can review the list on the Update & Security window to see what has been installed by MS. What is the specific MS update that is theorized to upgrade the printer's firmware? I do not see anything apparent from the link.

If the printer's firmware is being updated from a MS upgrade or update then it is a dicey proposition that could result in an increase in Tech Support calls for malfunctioning printers. Not only must the printer be turned on and the user have Administrator privileges, but, critically, the user must be warned to not turn off the power during a firmware upgrade. Historically, one should also not be performing other functions during a firmware upgrade or you could also brick the EEPROM. There is a whole lot going on during the Anniversary Upgrade beside an alleged firmware upgrade.

 

[websnail]

WAN, LAN, WiFi???

Wired LAN... IPv4 is using DHCP via the server.

The key is blocking the printer from phoning home by whichever method is chosen.

Interestingly enough there's nothing ostensibly blocking access to the internet but Wireless direct is disabled.

Did you install the Anniversary update??

I didn't install it directly and will need to check the one Windows 10 system we have but I do remember a major update that borked all kinds of things on Friday.

You may not be able to block the printer firmware update IF the update is delivered as a MS Win 10 update. The Enterprise edition of Win 10 can block all updates. Other versions of Win 10, at least the Pro version that I know, you can delay certain updates for several months. but eventually they will be installed. Certain other updates will not be delayed because MS finds them too important to be overridden at all. However, you can uninstall an offending MS update and block it from being reinstalled in Win 10.

To be honest I'm seriously considering dumping Windows 10 altogether.. Instead of being easier to use it's been a pain in the backside with numerous issues akin to this... Doesn't help resolve this particular issue though.

All updates are recorded and you can review the list on the Update & Security window to see what has been installed by MS. What is the specific MS update that is theorized to upgrade the printer's firmware? I do not see anything apparent from the link.

As yet the WinUpdate as culprit is just a theory but it would make more sense than a time-bomb approach... HP have certainly done this in the past with a firmware update albeit not through windows update...

Ultimately all the points you've made about the process of updating firmware hold true too..

Whatever the cause, the good news is the availability of alternative/update chips to resolve the issue..

 

[Hector Vilches]

The annoyance is that of being unable to trust your own equipment. We no longer control our own computers/phones/etc., and haven't for quite a while... We may think or feel as though we are in control, but look closely and you will see, it is a very thin veil.

Sure, you can firewall program 'X', or resolve domains to 127.0.0.1, or never click "Allow" for an update to run. Truth is, we do not always know who the adversary is and we have no way of knowing who's working with who. The delayed payload tactic has been used by viruses for millions of years, allowing its spread without anyone knowing until its too late. It was adopted by virus writers in the computer age, and HP has now employed it. Today, you cannot trust email you get from your mother!

Firmware updates have traditionally been easy to spot, because you can "brick" a device if power is lost, and all matter of warnings are shown to a user. That was then, but It doesn't have to be that way at all, and your phone is an example. Android moved many services out of the operating system layer in order to circumvent the phone and device manufacturers and increase adoption rates. So now Android can update many services without having to touch the OS and wait for manufacturer adoption.

How long before printers' internal "operating systems" become sophisticated enough that a 'firmware' update will be much quieter and seamless? And our use of the printer is agreement of the EULA, making it legal to happen without our consent.

 

[mikling]

The annoyance is that of being unable to trust your own equipment. We no longer control our own computers/phones/etc., and haven't for quite a while... We may think or feel as though we are in control, but look closely and you will see, it is a very thin veil.

Sure, you can firewall program 'X', or resolve domains to 127.0.0.1, or never click "Allow" for an update to run. Truth is, we do not always know who the adversary is and we have no way of knowing who's working with who. The delayed payload tactic has been used by viruses for millions of years, allowing its spread without anyone knowing until its too late. It was adopted by virus writers in the computer age, and HP has now employed it. Today, you cannot trust email you get from your mother!

Firmware updates have traditionally been easy to spot, because you can "brick" a device if power is lost, and all matter of warnings are shown to a user. That was then, but It doesn't have to be that way at all, and your phone is an example. Android moved many services out of the operating system layer in order to circumvent the phone and device manufacturers and increase adoption rates. So now Android can update many services without having to touch the OS and wait for manufacturer adoption.

How long before printers' internal "operating systems" become sophisticated enough that a 'firmware' update will be much quieter and seamless? And our use of the printer is agreement of the EULA, making it legal to happen without our consent.

Well said.
The printer can also be viewed like a computer where you purchase the printing engine and the firmware is licensed to you. After all, just take a look at your computer. It is nothing but a collection of chips held together but what makes it run is in essence firmware...i.e software.
You could have a printer with different levels of performance, each determined by the software it is running. You no longer own the printer, but each use is controlled either at a very base level if not networked to the cloud or at its fullest when it is connected to the mfr server and running their licensed OS. Interesting idea posed.

 

[Ink stained Fingers]

that's what you do all along in business - you rent the printing/copying service and pay for the page and don't care about the hardware - firmware, maintenance etc

 

[stratman]

Wired LAN... IPv4 is using DHCP via the server.

You may also be using NAT for an added layer of security as well.

the good news is the availability of alternative/update chips to resolve the issue.

That is quite a speedy counter move by the aftermarket industry! It can take many months, or never, for the Canon aftermarket to respond.