{"id":30536,"date":"2020-10-23T15:40:54","date_gmt":"2020-10-23T19:40:54","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=30536"},"modified":"2020-11-10T12:16:34","modified_gmt":"2020-11-10T17:16:34","slug":"hp-printer-driver-certificate-revoked","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2020\/10\/23\/hp-printer-driver-certificate-revoked\/","title":{"rendered":"HP Printer Driver Certificate Revoked"},"content":{"rendered":"<p><a href=\"https:\/\/eclecticlight.co\/2020\/10\/23\/why-have-my-hp-printers-stopped-working-how-to-check-their-software-signature\/\">Howard Oakley<\/a>:<\/p>\n<blockquote cite=\"https:\/\/eclecticlight.co\/2020\/10\/23\/why-have-my-hp-printers-stopped-working-how-to-check-their-software-signature\/\">\n<p>Many users are today reporting that their HP printer software has suddenly stopped working, with worrying messages implying that their software is malicious and &ldquo;will damage your computer&rdquo;.<\/p>\n<p>[&#8230;]<\/p>\n<p>You&rsquo;re seeing that message because macOS is checking the signature on your HP printer software, and being told that its signing certificate has been revoked. What&rsquo;s strange, though, is that this doesn&rsquo;t appear to affect High Sierra and older versions of macOS. [&#8230;] This may well be because they&rsquo;re working with different databases.<\/p>\n<\/blockquote>\n\n<p>No word yet on why. It&rsquo;s a shame there&rsquo;s no way to tell the system to trust it temporarily, especially given that the revocation may be in error.<\/p>\n\n<p><a href=\"https:\/\/twitter.com\/thomasareed\/status\/1319670995045675008\">Thomas Reed<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/thomasareed\/status\/1319670995045675008\">\n<p>We&rsquo;re seeing a significant influx of support cases where users are seeing macOS identify what appear to be legit processes as malware, exactly what is being reported here[&#8230;]<\/p>\n<\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/08\/31\/notarized-mac-malware\/\">Notarized Mac Malware<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/08\/04\/apple-remote-kills-long-time-developers-apps\/\">Apple Remote-Kills Long-time Developer&rsquo;s Apps<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/10\/18\/beware-apple-security-certificates-after-october-24\/\">Beware Apple Security Certificates After October 24<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/08\/28\/installing-old-versions-of-macos\/\">Installing Old Versions of macOS<\/a><\/li>\n<\/ul>\n\n<p id=\"hp-printer-driver-certificate-revoked-update-2020-11-10\">Update (2020-11-10): <a href=\"https:\/\/twitter.com\/patrickwardle\/status\/1319756787197726720\">Patrick Wardle<\/a> (also: <a href=\"https:\/\/appleinsider.com\/articles\/20\/10\/23\/some-mac-users-being-warned-that-amazon-music-app-and-hp-drivers-are-malware\">William Gallagher<\/a>, <a href=\"https:\/\/news.ycombinator.com\/item?id=24954549\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/patrickwardle\/status\/1319756787197726720\">\n<p>As others have noted it appears certs used to sign apps such as Amazon Music, HP Printer drivers, etc. were revoked ...by?<\/p>\n<p>Thus, macOS blocks the (legit) software from running ...and implies it is malware? &#x1F926;&#x200D;&#x2642;&#xFE0F;<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/forums.macrumors.com\/threads\/hp-driver-framework-broken-in-catalina-10-15-7.2262865\/\">likegadgets<\/a>:<\/p>\n<blockquote cite=\"https:\/\/forums.macrumors.com\/threads\/hp-driver-framework-broken-in-catalina-10-15-7.2262865\/\">\n<p>It is a vicious circle - Apple says to call HP as they need to provide the drivers, I have not been able to speak to anyone at HP that can help.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/www.theregister.com\/2020\/10\/23\/hp_printer_macos\/\">Chris Williams<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.theregister.com\/2020\/10\/23\/hp_printer_macos\/\"><p>Complaints from punters are building up on the <a href=\"https:\/\/discussions.apple.com\/thread\/251948941?page=1\">Apple<\/a> and <a href=\"https:\/\/h30434.www3.hp.com\/t5\/Printer-Setup-Software-Drivers\/HP-Utility-fails-with-Code-Signature-Invalid-MacOS-10-15-7\/td-p\/7823883\">HP support<\/a> forums.<\/p>\n<p>[&#8230;]<\/p>\n<p><i>The Register<\/i> understands from sources familiar with the matter that HP Inc asked Apple to revoke its printer driver code-signing certificates. It appears this request backfired as it left users unable to print.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/eclecticlight.co\/2020\/10\/26\/what-happened-with-security-updates-and-hp-printer-software\/\">Howard Oakley<\/a> (also: <a href=\"https:\/\/mrmacintosh.com\/hp-printer-driver-certificate-issue-driver-will-damage-your-computer\/\">Mr. Macintosh<\/a>):<\/p>\n<blockquote cite=\"https:\/\/eclecticlight.co\/2020\/10\/26\/what-happened-with-security-updates-and-hp-printer-software\/\"><p>At some time during the night of 24-25 October, Apple PKI withdrew the revocation of HP&rsquo;s certificate, presumably at HP&rsquo;s request in response to the many complaints from users. HP&rsquo;s software should therefore now work normally again.<\/p><p>[&#8230;]<\/p><p>HP has now published <a href=\"https:\/\/h30434.www3.hp.com\/t5\/Printers-Knowledge-Base\/quot-HPxxxxx-framework-quot-will-damage-your-computer-quot\/ta-p\/7825233\">a support article<\/a> explaining what affected users should do to remedy this problem.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/eclecticlight.co\/2020\/10\/28\/code-signatures-1-how-they-work-and-stop-working\/\">Howard Oakley<\/a>:<\/p>\n<blockquote cite=\"https:\/\/eclecticlight.co\/2020\/10\/28\/code-signatures-1-how-they-work-and-stop-working\/\"><p>Although there&rsquo;s nothing to stop anyone using a security certificate from elsewhere, for macOS there&rsquo;s only one source of the certificates required to sign code for Apple&rsquo;s operating systems, <a href=\"https:\/\/www.apple.com\/certificateauthority\/\">Apple PKI<\/a>. This is the team within Apple which issues signing (and other) certificates to Apple itself and its very many third-party developers. Not only do they issue certificates, but they can also revoke them, and have detailed and <a href=\"https:\/\/www.apple.com\/certificateauthority\/Worldwide_Developer_Relations_CPS\">explicit procedures<\/a> for doing both.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/lapcatsoftware.com\/articles\/revocation.html\">Jeff Johnson<\/a>:<\/p>\n<blockquote cite=\"https:\/\/lapcatsoftware.com\/articles\/revocation.html\"><p>An unfortunate consequence of the lack of a Developer ID CRL is that you can&rsquo;t obtain a list of all revoked Developer ID certs. You can only query the status of known certs one-by-one.<\/p><p>[&#8230;]<\/p><p>As the Certificate Authority, Apple can revoke a Developer ID certificate at any time. This is done when Apple discovers that a cert has been used to sign malware. Unfortunately, we&rsquo;ve seen cases where Apple has revoked a Developer ID cert mistakenly, such as with the indie developer Charlie Monroe. Is it possible for a developer to revoke their own Developer ID cert? The answer is no.<\/p><p>[&#8230;]<\/p><p>The reason for this difference in policy is that revoking a Developer ID cert has severe consequences, as we&rsquo;ve seen with HP printer software: Mac users will no longer be able to run software signed with the revoked cert. Developers are allowed to revoke their own Mac App Store code signing certificates, because those certs are only used for development purposes.<\/p><p>[&#8230;]<\/p><p>HP had to contact Apple and request for the cert to be revoked. Apparently Apple granted that request. So blame must be apportioned to both companies. There have been no reports of malware or private key compromise. Therefore, no good reason exists for HP to request that their cert be revoked, and no good reason exists for Apple to grant that misguided request.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/Sam_Ohanaware\/status\/1320356963650138113\">Sam Rowlands<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/Sam_Ohanaware\/status\/1320356963650138113\"><p>The issue is the lack of communication. The system <em>should<\/em> check on download (of a new list) to see if anything will become disabled, then inform the user what, why and how to resolve. Because this was handled poorly, it created anger and frustration.<\/p><p>[&#8230;]<\/p><p>I do wonder if HP was trying to ensure that the build machines were using the latest certs and something went wrong, which they didn&rsquo;t know about. So the question becomes how easy is to accidentally revoke identities?<\/p><p>I feel that Apple is responsible for this mess, because they built the system that allows apps (&amp; drivers) to be &ldquo;killed&rdquo; remotely. The solution was designed to be silent.<\/p>\n<p>Was this intentional or just an oversight? If Apple has designed the system to communicate to users that something they use will no longer work, why and what they can do about this. It becomes a non-issue, for two reasons. 1. HP would have to provide information to Apple as to why they wanted the identities revoked, which would help confirm that they wanted this action. 2. Customers would be aware of what&rsquo;s going on, and could solve the problem themselves.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2020\/10\/hp-printer-issue-on-mac\/\">Thomas Reed<\/a>:<\/p>\n<blockquote cite=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2020\/10\/hp-printer-issue-on-mac\/\"><p>Earlier, we said that the issue was <em>mostly<\/em> related to HP printer drivers. There was another issue with a couple Amazon apps &#x2013; Amazon Music and Amazon Workspaces &#x2013; where users were seeing the same behavior. This led to a lot of speculation and finger pointing at Apple (in which yours truly regretfully participated), but this appears to have been an unrelated and coincidentally timed issue.<\/p><\/blockquote>\n\n<p>I have yet to hear an explanation for what happened with Amazon Music. Did Amazon also accidentally request revocation of its certificate?<\/p>","protected":false},"excerpt":{"rendered":"<p>Howard Oakley: Many users are today reporting that their HP printer software has suddenly stopped working, with worrying messages implying that their software is malicious and &ldquo;will damage your computer&rdquo;. [&#8230;] You&rsquo;re seeing that message because macOS is checking the signature on your HP printer software, and being told that its signing certificate has been [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2020-10-23T19:40:57Z","apple_news_api_id":"9d55714e-3c47-47f4-b0cc-6d0e0ffa0204","apple_news_api_modified_at":"2020-11-10T17:16:38Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAg==","apple_news_api_share_url":"https:\/\/apple.news\/AnVVxTjxHR_SwzG0OD_oCBA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[2012,466,1520,30,1609,1666,695,48],"class_list":["post-30536","post","type-post","status-publish","format-standard","hentry","category-technology","tag-amazon-music","tag-codesigning","tag-hp","tag-mac","tag-macos-10-14","tag-macos-10-15","tag-printing","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/30536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=30536"}],"version-history":[{"count":4,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/30536\/revisions"}],"predecessor-version":[{"id":30624,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/30536\/revisions\/30624"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=30536"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=30536"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=30536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}