HP Printer says the update was part of a long-standing effort to protect customers from using counterfeit or ‘unauthorised’ cartridges.
Researchers have been demonstrating attacks against printers for years. Now, Hewlett-Packard has started building defenses directly into its printers’ firmware instead of just patching individual vulnerabilities.
Printer manufacturer HP has apologised to customers for a software update that made some of its printers stop working with ink cartridges from competing suppliers.
The update reportedly left some customers unable to use replacement ink, even if their printers had accepted the same cartridges in the past.
HP’s apology comes after critics complained the firm had over-reached by interfering with its customers’ right to choose ink suppliers. Critics also warned it could make customers less likely to accept future software updates, leaving their printers vulnerable to hackers or malware.
The company’s new M506, M527, and M577 series of LaserJet Enterprise printers, set to go on sale in October and November, will have built-in detection for unauthorized BIOS and firmware modifications.
HP refers to this capability as “self-healing security,” but it’s actually a set of code integrity checking mechanisms that security researchers have asked embedded systems manufacturers to implement for years.
One of the new features, called HP Sure Start, validates the integrity of the BIOS code at boot time, and if any modification is detected it reboots the device and loads a clean copy. This is based on a similar feature that HP’s Elite line of PCs have had since 2013.
The BIOS is the low-level software that is responsible for initializing hardware components and booting the operating system.
Another new security feature that HP calls whitelisting is an integrity checking mechanism for the FutureSmart firmware, the OS of HP LaserJet enterprise printers. It ensures that the firmware code has not been tampered with and is digitally signed by HP before loading it into memory.
Finally, the new printers also include a run-time intrusion detection system that monitors memory operations while the printers are in use and checks for signs of potential compromise. If an intrusion is detected, the device is rebooted.
The good news is that these security features can also be added to older printers. All HP LaserJet Enterprise printers that have been released since April will be able to benefit from them through a firmware update.