Epson reported to Texas AG for bricking third-party ink cartridges

EFF argues Epson's practice is making users avoid installing firmware updates, leaving millions of printers and companies vulnerable to cyber attacks.
Written by Catalin Cimpanu, Contributor

The Electronic Frontier Foundation has sent a letter to the Texas Attorney General's Office to inform state officials about Epson's practice of bricking third-party printer ink cartridges via code hidden in printer firmware updates.

EFF experts are urging Texas officials to look into the practice and how this violates consumer protection laws.

The practice itself is not new, and Epson users have reported problems of the sort since at least 2014, then again in 2015, and recently on two different occasions in 2018.

Here's just one user's complaint that perfectly describes what's been happening in the past few years.

I installed a firmware update, and now the printer can no longer "recognize" my print cartridges which had been working fine until the update. Word on the Internet is that Epson deliberately tries to punish people who buy replacement cartridges from other vendors, so they can sell their overpriced ones, and they do that by updating the firmware so that other vendor cartridges are "not recognized". This is despicable. I will never buy another Epson product.

They have even spawned a cottage industry that for $5 sells a firmware downgrade. It is cheaper to buy a new printer than to buy Epson replacement cartridges. Their business practices are predatory and should be illegal.

But Epson is not the only printer vendor accused or caught red-handed using the same technique.

HP, the biggest printer maker on the market, has done the same. The company was caught deploying cartridge-bricking code inside a firmware update in September 2016, it apologized two weeks later, and then deployed another third-party cartridge-bricking firmware update a year later in September 2017. The company was eventually sued, for obvious reasons.

EFF experts say users are being misled during the process of selecting and buying a printer by being told the printers they buy can work with third-party ink cartridges, only to have them sabotaged by the printer vendor months later during a firmware update.

Further, they argue, the practice of sabotaging third-party ink cartridges puts manufacturers of refillable third-party cartridges and continuous ink refill & supply chains at a disadvantage in comparison to the printer vendor, which has led to many companies closing shop or exiting the market.

A 2014 New York Daily News report found that companies like HP, Epson, and Canon are abusing this dominant market position to sell ink for their own cartridges at exorbitant prices.

"An ounce of ink might cost you as much as $60 -- about 30 times the cost of an ounce of Moet & Chandon [an expensive champagne brand]," NY Daily News reported in 2014.

But the biggest impact, the EFF argues, is on the cyber-security front.

Experts argue that printer owners are now purposely avoiding applying firmware patches from printer makers, fearing that the "security update" might also hide cartridge-bricking code.

There have been plenty of reasons to keep printers up to date, with several high-risk vulnerabilities being discovered in popular models [1, 2, 3, 4].

This leaves millions of printers exposed to security flaws that an attacker could exploit to gain access to a company's internal network and steal internal data, such as intellectual property or employee data.

The dangers to which companies expose themselves just so Epson and other printer vendors can lock customers into their own cartridge replacement and ink refilling supply chain are not worth the risk, experts argued.

The EFF's Consumer Protection Division believes this practice is "misleading, anticompetitive, and dangerous," and wants the Texas AG to take action and start an investigation.

An Epson spokesperson did not respond to a request for comment before this article's publication. The article will be updated with a statement if provided.
