HP newsroom blog
cancel
Showing results for 
Search instead for 
Did you mean: 
Published: September 28, 2016

Editor’s note: This post was updated Oct. 12, 2016 to include information about the availability of the firmware update.

IPN197224_afr_ConferenceRoom.jpg

HP engineers the best and most-secure printing systems in the world. We strive to always provide the highest-quality experiences for our customers and partners. As a new company, we are committed to transparency in all of our communications and when we fall short, we call ourselves out.   

There is confusion in the market regarding a printer firmware update – here are the facts:

We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP.

HP printers and original HP ink products deliver the best quality, security and reliability. When ink cartridges are cloned or counterfeited, the customer is exposed to quality and potential security risks, compromising the printing experience. 

As is standard in the printing business, we have a process for authenticating supplies. The most recent firmware update included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned.

We should have done a better job of communicating about the authentication procedure to customers, and we apologize. Although only a small number of customers have been affected, one customer who has a poor experience is one too many.

It is important to understand that all third party cartridges with original HP security chips continue to function properly.

As a remedy for the small number of affected customers, we have issued an optional firmware update that removes the dynamic security feature. 

To get the update, customers should visit support.hp.com, select their product, select the product support page, and click on the Software and Driver table to download it. Additional information about this update, including answers to frequently asked questions, can be found in HP’s Support Forum.

We will continue to use security features to protect the quality of our customer experience, maintain the integrity of our printing systems, and protect our IP including authentication methods that may prevent some third-party supplies from working.

However, we commit to improving our communication so that customers understand our concerns about cloned and counterfeit supplies. Again, to our loyal customers who were affected, we apologize.

Sincerely,

Jon Flaxman
Chief Operating Officer, HP Inc.

    Corporate
Published: May 12, 2017

As I am sure that some of you have read, on May 11, a Swiss cyber-security firm, Modzero AG, released a whitepaper highlighting that a keylogger issue – which in this case, is debug code – that is present in Conexant audio drivers on select HP computers.

At HP, customer security is our top priority, so I wanted to give an update on the issue, what we have done, and our best advice to customers.

First and most importantly, there is a fix for our commercial PCs available on HP.com as of today, May 12, with fixes for all consumer PCs scheduled to be available on May 13. In addition, HP has not had, nor will it have, any access to user data as a result of this issue.

When HP learned about this earlier this month, our Cyber Security team immediately investigated the issue, found the root cause and worked on a fix. In addition to being available on HP.com, we are also in the process of getting it published through Microsoft’s Windows Update Service. This is so customers – especially those with PCs not managed by an IT organization – will get the update automatically. For customers whose PCs are managed by their internal IT team, the update is available for deployment through their standard sets of tools.

As Modzero’s report states, there was a keylogger capability in the Conexant HD audio driver package that is preinstalled on some HP PCs. This capability was created by Conexant during the development process to help debug an audio issue. Adding debug code is a normal part of the development process and such code is supposed to be removed and never included in a commercially available product. Unfortunately, in this case, Conexant did not remove the code. We certainly never intended to include this code in shipped products.

The debug code stores keystrokes in a log file that it creates to help developers diagnose an issue. This code is stored in a file locally on the PC, and then it is cleared out each time the user logs off and whenever the PC is rebooted.

Some media coverage suggested that the log files are sent back to HP. These articles are inaccurate – such information is never sent back to HP. Again, HP never intended to include this functionality in a shipped product used by customers. What is most important to know is that there is an immediate commercial fix available with all consumer fixes available by May 13.

This issue effects certain commercial notebooks and desktop systems manufactured since 2015. In addition, a select set of our consumer systems are effected. For more information on the exact systems that need an update to the audio driver, check out our security advisory.

Our best advice to customers is to install the updated driver package. If you are a consumer customer or a business without a dedicated IT team, we recommend using Window Update to keep your PC updated automatically. For customers with a dedicated IT organization, download the Softpak from HP.com and distribute the updated driver package as you would any other update. Given the nature of this issue, our advice is to deploy this update as quickly as possible.

While HP didn’t create the driver, our job is to keep the customer safe even when the issue is with third-party code. We have learned from this situation and will work to with our partners to further verify the debug code is removed from their software before it goes final. That said, we will also continue to work with the security community to learn about these issues if they do come up, and then work to make sure we can get high quality fixes out to customers as quickly as possible, just as we are doing in this case.

For more information, please read the security advisory available here.

 

Published: May 12, 2017

On May 11, Swiss based cyber-security firm Modzero AG released a whitepaper highlighting that a keylogger (a debug capability) is present in HP’s audio drivers on some notebook computers. HP is committed to the security and privacy of its customers and we are aware of the capability on select HP PCs. HP has no access to customer data as a result of this issue. Any data logged is erased each time a user logs off or restarts their machine. Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version.  A commercial fix is available now with all consumer fixes available on May 13.

More information can be found in our security advisory.  

Published: January 29, 2017

At HP, regardless of economic and political circumstances, part of our core values is to support our employees and their families. We are concerned with the recent developments and do not support measures that discriminate against any group. Our first priority is to identify the affected people we have around the globe and determine how best to support them.  We are dedicated to diversity and inclusion and have been doing business in 170 countries for over 70 years and look forward to continuing to do so.   

Published: December 01, 2016

A few headlines have cropped up over the past week regarding a battery recall on the part of HP.
_XmUEklf.jpgIn fact, HP has not issued such a recall and is ensuring that the recent published reports on this issue is being corrected.

reached out to the U.S. Consumer Product Safety Commission (CPSC) and reported the error. CPSC has since removed the links.

A CPSC spokesperson, in reply, issued the following statement: 

"On Wednesday, November 23rd CPSC erroneously re-published a HP notebook battery recall from 2006 to our homepage while making improvements to our website. The recall was removed quickly, but has since been reported on by a number of media outlets as a new recall. There is no re-announcement or new recall regarding HP notebook batteries. We apologize for this mistake."

 The organization also posted a two-part clarification on Twitter about the error:

In service to its customers, HP participates in voluntary replacement programs for components or products that may cause functionality issues but are not related to a safety hazard. HP also participates in voluntary recall programs when a defective part is shown to cause a potential safety hazard in cooperation with country government safety authorities.

For current and past recall information regarding HP’s consumer products, visit HP’s official site for replacement programs and product recalls and follow @HPSupport.

Published: November 22, 2016

HP Inc. (HPQ) today released its fiscal year 2016 and fourth-quarter earnings results, delivering its first full year financial commitments. The company showcased its strategy of managing core business segments while also investing in growth opportunities for the future.

For the fourth quarter, HP announced net revenue of $12.5 billion, an increase from the prior year: 

OHS_EDL16A104_EarningsInfograms_FINAL-2_Graphic1.jpg

 

The company’s personal systems segment had strong financial and operational performance, outperforming top competitors:

 

OHS_EDL16A104_EarningsInfograms_FINAL-2_Graphic2.jpg

 

HP’s Print business is well-positioned for FY 2017. 


OHS_EDL16A104_EarningsInfograms_FINAL-2_Graphic3.jpg

 

For more details about HP’s fourth-quarter and first fiscal year performance, read the press release or visit our Investor Relations site for specific data points.