Computer Buyers Haul HP to Court Over Flawed Firmware


A consumer complaint filed against Palo Alto, California-based HP Inc. over the weekend claims that a major central processing unit (CPU) design flaw leaves some computer models without sufficient hardware security and susceptible to audio and video playback stuttering during videoconferencing and gaming. The complaint accuses HP of cutting corners to circumvent a Microsoft-initiated Windows operating system requirement that it use a certain Trusted Platform Module or TPM.

Monday’s complaint explains that HP sells desktop and laptop PCs, typically built with CPUs from one of two manufacturers, AMD or Intel. According to the lawsuit, HP touts its computers’ “enterprise-level security” and markets its AMD-based PCs as providing smooth playback of audio and video, videoconferencing, and gameplay.

In June 2021, Microsoft decided to act in response to a growing number of firmware attacks, which allow hackers to “compromise low-level CPU, memory, and hardware resources of the computer before an operating system even loads.” As a precondition for running Windows 11, Microsoft began to require a TPM designed to “separate sensitive cryptographic and other security-related resources from the main CPU and memory system.”

In the face of a “potentially burdensome redesign,” HP, in collaboration with AMD, designed what is essentially a defeat device, a “firmware TPM” or “fTPM.” Instead of adding hardware to protect and segregate sensitive information from the main system processor and memory, the fTPM, a piece of code, actually made the problem of firmware attacks worse, the complaint claims.

With the inclusion of HP’s fTPM, the plaintiffs assert two adverse effects: increased vulnerability to firmware attacks and “the catastrophic stuttering of playback on HP PCs with AMD Ryzen and Athlon processors.” Despite HP’s knowledge of the issues and a litany of customer complaints about stuttering, the company has allegedly done nothing to resolve buyers’ grievances, the complaint says.

The computer buyer plaintiffs, one from California and one from Pennsylvania, seek to represent a nationwide class and two state subclasses of people or entities who purchased impacted models. The complaint states contract and warranty claims and seeks relief under the states’ consumer protection and business practice laws. The plaintiffs are represented by Bathaee Dunne LLP.