Counterfeit HP printer cartridges use “sticker-in-the-middle” attacks to bypass restrictions


A method to bypass an HP printer’s cartridge locks has appeared in the wild. A sticker with a printed circuit and a soldered microchip can trick a printer into accepting a refilled cartridge.

HP has long been criticized for anti-consumer practices, such as locking users into its printer ecosystem by disabling third-party cartridges and requiring them to buy subscriptions for HP-branded ones.

Now, YouTuber Jay Summet has showcased a refilled, modded HP cartridge that tricks the DRM system. The cartridge had a sticker covering the pads where the printer would normally communicate with it. It acted as a flexible circuit board, routing the electric signals to a separate chip between the printer and the cartridge, conducting what seems to be a man-in-the-middle attack.

ADVERTISEMENT
A sticker appliend on HP cartridge
Screenshot from YouTube.

“My assumption here is it’s telling the printer ‘Hey, there's plenty of ink in this cartridge.’ I suspect that the chip in the cartridge authenticates it as a genuine HP cartridge,” the YouTuber said.

It seems that the DRM system still relies on the cartridge's original chip. However, the additional chip intercepts the response and adjusts the ink levels. Therefore, the cartridge, which has already been emptied and refilled, appears to still have ink when the microchip modifies the cartridge chip’s answer.

“HP printers are smart enough to say it's a previously used HP cartridge. It's not going to say ‘Oh, it's a brand new genuine HP cartridge.’ It's just been recognized as a previously used HP cartridge, but the ink level estimate looks to be about right,” the creator noted.

As first discovered by TechSpot, this method allows users to refill the cartridges using inexpensive ink. However, HP previously warned that any printers using unofficial cartridges may be bricked using its “Dynamic Security” system.

ADVERTISEMENT