HP newsroom blog
Published: September 28, 2016

Editor’s note: This post was updated Oct. 12, 2016 to include information about the availability of the firmware update.


HP engineers the best and most-secure printing systems in the world. We strive to always provide the highest-quality experiences for our customers and partners. As a new company, we are committed to transparency in all of our communications and when we fall short, we call ourselves out.   

There is confusion in the market regarding a printer firmware update – here are the facts:

We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP.

HP printers and original HP ink products deliver the best quality, security and reliability. When ink cartridges are cloned or counterfeited, the customer is exposed to quality and potential security risks, compromising the printing experience. 

As is standard in the printing business, we have a process for authenticating supplies. The most recent firmware update included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned.

We should have done a better job of communicating about the authentication procedure to customers, and we apologize. Although only a small number of customers have been affected, one customer who has a poor experience is one too many.

It is important to understand that all third party cartridges with original HP security chips continue to function properly.

As a remedy for the small number of affected customers, we have issued an optional firmware update that removes the dynamic security feature. 

To get the update, customers should visit support.hp.com, select their product, select the product support page, and click on the Software and Driver table to download it. Additional information about this update, including answers to frequently asked questions, can be found in HP’s Support Forum.

We will continue to use security features to protect the quality of our customer experience, maintain the integrity of our printing systems, and protect our IP including authentication methods that may prevent some third-party supplies from working.

However, we commit to improving our communication so that customers understand our concerns about cloned and counterfeit supplies. Again, to our loyal customers who were affected, we apologize.

Sincerely,

Jon Flaxman
Chief Operating Officer, HP Inc.

Published: September 10, 2017


 

HP’s Security Advisory Board enlists a trio of security experts to help it triumph in a malicious new world.

 

For decades, hackers fell squarely into two camps: “black hats” in it to show off their skills, and then later, for money, espionage and data theft, and “white hats” who breached systems to uncover flaws before the bad guys could find them and to make sure companies promptly fixed them.

Now, destruction for destruction’s sake has become a hallmark of the global cyberattack. The foremost example is the 2012 Shamoon attack in Saudi Arabia on one of the world's largest oil companies, which wiped or destroyed 35,000 computers before the devastation was halted. Similar attacks aiming to render PC hardware inoperable have continued since, with Shamoon 2.0 earlier this year or even some of the NotPetya variants more recently. With malicious actors everywhere looking for any possible exploit, one key to surviving the constant escalation of threats is to keep reinventing how you stay ahead of the game.

A new Security Advisory Board organized by HP aims to do just that, by bringing a trio of outside security experts inside the company. All three initial members have unique first-hand expertise in the world of hacking and the latest developments in security technology and strategies.  

The board builds on over two decades of HP leadership in cybersecurity for endpoint devices. As the world’s largest PC manufacturer and leading maker of printers, HP has driven a slew of security innovations, from technology that provides cryptographically secure updates of a device’s BIOS to run-time intrusion detection, which checks for anomalies, automatically rebooting when an intrusion is detected.

These security experts will act as a reconnaissance team, providing insights from the front lines that the company will use to reinforce its own security work. The board will also generate strategic conversations about the rapidly shifting security landscape with HP executives and the market. 

“We want to be the sharpest we can be on what the future holds, understanding the threat landscape today and being able to address the real problems of tomorrow,” says Boris Balacheff, HP’s chief technologist for system security research and innovation. 

The person HP chose to lead the advisory board is far from your run-of-the-mill corporate security expert. The new chairman, security consultant Michael Calce, a.k.a. “Mafiaboy,” launched his public career in 2000 at the age of 15 by unleashing a massive cyberattack that brought down Yahoo!, eBay and Amazon. It led to an FBI manhunt and $1.7 billion in economic fallout.  

Joining him is Robert Masse, a partner at a major consulting firm (acting independently in this instance), with more than 20 years of experience in cybersecurity, focusing on risk management and – ironically – a shared history with Calce. Following his own run-in with law enforcement over hacking when he was a teen, Masse provided guidance to Calce after his arrest.

A third member is Justine Bone, who began her career doing reverse engineering and vulnerability research at New Zealand’s version of the U.S. National Security Agency before leading security for companies, including Bloomberg LP. She’s now the CEO of MedSec, which analyzes technology security for healthcare companies.

The Security Advisory Board will work with HP to identify evolving threats and help companies adapt to the fundamental changes taking place in the security landscape. One of these changes is that inadequate security can’t be hidden anymore; the hackers’ armory is too deep and sophisticated and automated attack tools are constantly on the lookout for flaws to exploit. Bone says it takes only two and a half minutes after you plug in a smart camera or screw in a smart light bulb for an internet bot to compromise that device. Billions of connected devices span every inch of our economy and our lives, from supply chains and energy grids to connected cars.

That’s putting everyone under a microscope, from the top of the chain to the bottom. “Security has become an imperative for our customers,” says HP’s Balacheff.  With the average U.S. breach costing $7 million and intensifying scrutiny from consumers and investors, it’s increasingly clear that everyone throughout an organization, from a company’s security group up to the board, needs to be involved in anticipating security threats. “Originally cybersecurity was an IT problem. What we’re seeing is now it's being heavily looked at by the board and the audit and risk committee and treated like any other risk,” says Masse. “I think now's the time where we really have the opportunity to improve things at a much better level than before.”

Additionally, organizations need help understanding just how profoundly the thinking behind security strategy needs to change. Traditionally, companies felt that software or network security solutions would be the answer. However, with the evolution of attacker sophistication and our increased dependency on devices for everything we do, it is no longer that simple. Security needs to start at the lowest level of hardware and firmware design.

When baby monitors are conscripted into botnets to launch assaults that take down Twitter and Netflix, it’s clear that any connected device can be attacked. And as the flood of network-connected gadgets continues to rise — 20 billion such devices are expected to be in service by 2020 — this challenge will only grow.

That’s why every device must be built from the ground up to be secure and able to adapt, says Calce. This principle is one the tech industry has always preached, but hasn’t always practiced. An example of this, Calce explains, is when a computer or printer boots up: up to a million lines of code can be executed before the device’s operating system is even loaded, in what is known as the device's 'firmware' (often still referred to as BIOS in PCs). This occurs before the user is even able to see any kind of welcome screen. Designing protections, but also the ability to detect an attack and recover a compromised device: that is how far HP has gone, trailblazing the future of endpoint security by designing hardware-enforced cyber-resilient devices.

“For years,” says Bone, “software and hardware makers were able to rely on security by obscurity. There was no upside to building in this quality all the way through the product because nobody was asking questions. Now, though, people are definitely asking.”

That’s where HP has been focused for years. The security board members say it’s paying off — that’s why they’re eager to work with HP to get this message out. 

“HP is looking to implement security on anything and everything they develop,” says Calce. “That’s the type of mindset we need if we ever want to have some level of security in this world.”

For more information on how HP is creating the most secure business devices in the world, visit www.hp.com/reinventsecurity.

Published: August 07, 2017

As HP continues its journey to reinvent the global manufacturing industry, it is critical to have visionary and experienced leaders charting the way. Michelle Bockman, former executive vice president at GE Digital, recently joined HP to lead its 3D printing market expansion efforts.

At GE, Bockman most recently led the company’s ambitious strategy to build a software-driven digital future for large industrial customers. With more than 20 years of experience in a wide range of functions and industries, she’s led global operations, managed engineering, driven sales and marketing, built new digital businesses – even ran an industrial manufacturing plant.

Bockman’s diverse experience gives her a fresh perspective on unlocking new value for customers who are reinventing their operations. We caught up with her to learn more about keys to driving the digital industrial transformation of production.

 

Q. Why did you choose this time to join HP?

A. We’re on the cusp of a new industrial revolution that could be greater than anything we’ve ever seen – ubiquitous connectivity, AI, robotics, the internet of things, 3D printing and more are all converging to drive unprecedented social and economic change. HP plays a central role in this revolution and is really leading the way with innovations in 3D printing, blended reality and other technologies businesses are embracing in their digital reinventions. Put this all together and we are poised to transform some of the largest industries on the face of the earth.

This is the place to be if you want to profoundly change the way people live, work and interact with one another. HP is one of the founders of Silicon Valley and has a strong heritage of reinvention which, quite frankly, also appealed to my entrepreneurial spirit. I can’t tell you how excited I am about this adventure in innovation. 

 

Q. Tell us about your new role leading the expansion of 3D Printing for HP. Where will you be focused?

A. To grossly oversimplify, I have a broad responsibility to expand the overall 3D printing market for HP in partnership with our foundational customers, strategic partners, and materials ecosystem, and drive the development of new digital services for the 3D printing business. What this really means is focusing on customer outcomes by working deeply with market leaders such as BMW, Jabil, Johnson & Johnson, and Nike as they embrace 3D printing to transform their businesses, and applying these lessons learned to the entirety of our product portfolio, so we can really accelerate development of new applications and services. 

It also means leading our global strategic alliances with SIs and software partners, and to drive our open materials strategy with the largest chemical companies on earth, as we’ll need to leverage the world to transform a $12 trillion industry. Finally, no digital industrial transformation is complete without developing the next generation of connected, digital services that unlock unique insights and value for our customers and partners.  

Q. As a longtime industry veteran, where do you see the greatest opportunities for change?

A. 3D printing technology has been around awhile, but it’s poised for a real breakout. The combination of new technology such as HP’s Multi Jet Fusion, which is up to 10 times faster and half the cost of other systems, plus the radical expansion of new materials with a simultaneous plummet in cost due to our open materials platform, means the economic promise of 3D printing is finally ready to deliver. This is no longer technology just for prototyping or the R&D team. This is a platform for large-scale industrial production. 

Couple the continued march of those innovations with the larger digital transformation unfolding across the entire design, production, and distribution workflow, and you have a massive opportunity to help companies innovate faster, be more agile in their manufacturing, and implement more flexible supply chains. This unlocks huge economic opportunity, new business models, and competitive advantage. I believe that those who invest in digital transformation will reap the rewards, and we are just scratching the surface of what this reinvention means for some of the largest companies and industries in the world.

Q. You’ve led a diverse range of functions over your career.  What else can you share with us from your journey?

A. I like to solve really hard problems with smart, curious and passionate people in industries that are changing the world. That’s what drew me to mechanical engineering in college and continues to drive me today. Over the course of my career, I’ve been lucky enough to experience many facets of businesses – from leading large organizations through change to developing new products and services to direct and daily interaction with the customer. At the end of the day what we do really matters if it delivers value to our customers and, in my mind, also delivers value to the world at large. I couldn’t be more thrilled to be part of the HP 3D printing team, which is striving to achieve exactly those goals.

Published: May 12, 2017

As I am sure that some of you have read, on May 11, a Swiss cyber-security firm, Modzero AG, released a whitepaper highlighting a keylogger issue – which, in this case, is debug code – that is present in Conexant audio drivers on select HP computers.

At HP, customer security is our top priority, so I wanted to give an update on the issue, what we have done, and our best advice to customers.

First and most importantly, there is a fix for our commercial PCs available on HP.com as of today, May 12, with fixes for all consumer PCs scheduled to be available on May 13. In addition, HP has not had, nor will it have, any access to user data as a result of this issue.

When HP learned about this earlier this month, our Cyber Security team immediately investigated the issue, found the root cause and worked on a fix. In addition to being available on HP.com, we are also in the process of getting it published through Microsoft’s Windows Update Service. This is so customers – especially those with PCs not managed by an IT organization – will get the update automatically. For customers whose PCs are managed by their internal IT team, the update is available for deployment through their standard sets of tools.

As Modzero’s report states, there was a keylogger capability in the Conexant HD audio driver package that is preinstalled on some HP PCs. This capability was created by Conexant during the development process to help debug an audio issue. Adding debug code is a normal part of the development process and such code is supposed to be removed and never included in a commercially available product. Unfortunately, in this case, Conexant did not remove the code. We certainly never intended to include this code in shipped products.

The debug code stores keystrokes in a log file that it creates to help developers diagnose an issue. This code is stored in a file locally on the PC, and then it is cleared out each time the user logs off and whenever the PC is rebooted.

Some media coverage suggested that the log files are sent back to HP. These articles are inaccurate – such information is never sent back to HP. Again, HP never intended to include this functionality in a shipped product used by customers. What is most important to know is that there is an immediate commercial fix available with all consumer fixes available by May 13.

This issue affects certain commercial notebooks and desktop systems manufactured since 2015. In addition, a select set of our consumer systems are affected. For more information on the exact systems that need an update to the audio driver, check out our security advisory.

Our best advice to customers is to install the updated driver package. If you are a consumer customer or a business without a dedicated IT team, we recommend using Windows Update to keep your PC updated automatically. For customers with a dedicated IT organization, download the Softpak from HP.com and distribute the updated driver package as you would any other update. Given the nature of this issue, our advice is to deploy this update as quickly as possible.

While HP didn’t create the driver, our job is to keep the customer safe even when the issue is with third-party code. We have learned from this situation and will work with our partners to further verify the debug code is removed from their software before it goes final. That said, we will also continue to work with the security community to learn about these issues if they do come up, and then work to make sure we can get high quality fixes out to customers as quickly as possible, just as we are doing in this case.

For more information, please read the security advisory available here.

 

Published: May 12, 2017

On May 11, Swiss-based cyber-security firm Modzero AG released a whitepaper highlighting that a keylogger (a debug capability) is present in HP’s audio drivers on some notebook computers. HP is committed to the security and privacy of its customers and we are aware of the capability on select HP PCs. HP has no access to customer data as a result of this issue. Any data logged is erased each time a user logs off or restarts their machine. Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version. A commercial fix is available now with all consumer fixes available on May 13.

More information can be found in our security advisory.  

Published: January 29, 2017

At HP, regardless of economic and political circumstances, part of our core values is to support our employees and their families. We are concerned with the recent developments and do not support measures that discriminate against any group. Our first priority is to identify the affected people we have around the globe and determine how best to support them.  We are dedicated to diversity and inclusion and have been doing business in 170 countries for over 70 years and look forward to continuing to do so.