A Surprising Reason Why People Don’t Update Firmware

Image by Christos Giakkas from Pixabay

When it comes to firmware updates, some people simply don’t understand the need or the process. However, many people who do understand the need and process are getting into the bad habit of NOT installing firmware updates (or, at the very least, not allowing automatic updates). The reason is surprising: they don’t trust the update. This is nothing new for software updates, mainly Windows Updates. People have seen the horror stories on the Internet about a bad Windows Update bricking someone’s computer to the point they had to do a system restore and lost all their data. Now they fear that their precious PC will fall victim to a bad update, so they do not install Windows updates. There are a couple of things people need to understand about this situation. First, it is very, very rare for a Windows Update to break your computer to the point you are unable to undo it without a full restore. Second, before installing Windows Updates, back up your data (something you should be doing on a regular basis anyway). This way, in the unlikely event something goes horribly wrong and you are unable to ‘roll back’ the Windows update and need to perform a complete restore, you still have your data. Of course, there were also Microsoft’s underhanded attempts to get people to switch to Windows 10 back in the mid-2010s, and they are doing it again (and being sneakier about it) with Windows 11 via Windows updates.

But what about firmware (hardware) updates? Not much can go wrong…right? After all, these are good for fixing security issues…right? Well, yes. Wait, no…okay, maybe? Sometimes things can go wrong…horribly wrong with firmware updates, as users of ASUS routers found out last month when a botched firmware update made their routers unstable/unusable for 48 hours. In this case there was nothing malicious about the update, just poor quality control and testing on ASUS’s part. This was not the case, however, for users of Orqa drone-flying headsets, which were suddenly and mysteriously bricked in early May…though this was not caused by a firmware update. Rather, a ‘time-bomb’ ransomware was baked into the original firmware years prior by the subcontractor who created the software (they claim their licensing agreement had expired). In this case it was a firmware update that eventually ‘fixed’ the issue. However, there is a third incident (ongoing since the mid-2010s) that is much worse than the prior two. This one, dubbed Printergate, involves HP Inc. printers and the HP firmware update which included the “dynamic security” policy. This update bricked many HP inkjet printers for users who were using 3rd-party (non-genuine HP) ink cartridges. This was intentionally done by HP and sounds very malicious…though HP called it a ‘Security Measure’:

Earlier this year, HP doubled down on its so-called “dynamic security” policy, issuing firmware updates for its printers that blocked the use of third-party ink. Instead of warnings about supposed bootleg ink, the printer just won’t work.

“The purpose of dynamic security feature is to protect HP’s innovations and intellectual property, maintain the integrity of our printing systems, ensure the best customer printing experience, and protect customers from counterfeit and third-party ink cartridges that do not contain an original HP security chip and infringe HP’s intellectual property,” is how HP explains dynamic security on one of its official support pages.

In HP’s case their actions not only create a bad image for their brand, but hurt their bottom line (though they’ll say it helps since customers must purchase over-priced genuine HP ink). However, HP has had to pay out for the ‘pain and suffering’ (damages) caused to their customers by the effects of the dynamic security policy. In late 2020 HP paid a 10 million EURO fine levied by the Italian Antitrust Authority. They also agreed to voluntary compensation of around $1.5 million USD to US customers. In addition, HP also voluntarily compensated some HP customers in other EU member countries.

HP Printer Cartridge Error caused by ‘Dynamic Security’ System.

While there are ways to ‘fix’ the issues with bad firmware updates (just as there are with the occasional bad Windows update), many people don’t have the technical know-how to do it or, more commonly, don’t have the time to spend chasing down the issue and applying the fix. In the case of ASUS and HP this can cause several bad behaviors by their customers. First, instead of taking the time to try to fix the issue or waiting for it to be fixed, they’ll simply go out and purchase a (competitor’s) replacement piece of hardware. This creates unnecessary eWaste (much like Apple and Microsoft’s intentional practice of planned obsolescence). Second, a bad (intentional or not) firmware update can also wipe out any trust and loyalty customers have with the company. Third, users are delaying or not even installing firmware updates out of (very reasonable) fear their devices will become unusable if they do. The unintended consequence is that these users are not getting new features, bug fixes and, more importantly, security updates. So which is the lesser of two evils: a bricked device or a usable device with unpatched security vulnerabilities?

via PCWorld