HP expands its Bug Bounty Program to focus on office-class print cartridge security vulnerabilities


HP has expanded its Bug Bounty Program to focus specifically on office-class print cartridge security vulnerabilities. The program underscores HP’s commitment to delivering defense- in-depth across all aspects of printing—including supply chain, cartridge chip, cartridge packaging, firmware and printer hardware.

HP Bug Bounty Program

As part of this program, HP has engaged with Bugcrowd to conduct a three-month program in which four professional white hat hackers have been challenged to identify vulnerabilities in HP Original print cartridges. If any of the hackers are successful, HP will award an extra $10,000 per vulnerability in addition to their base fee.

“Today, bad actors aiming to exploit printers with sophisticated malware pose an ever-present and growing threat to businesses and individuals alike,” said Shivaun Albright, HP Chief Technologist for Print Security.

“HP is committed to staying ahead of these issues by proactively hiring some of the brightest cybersecurity experts to help us uncover potential risks so they can be fixed before any harm is done.”

Over the past few years, there’s been a rise in attacks of embedded system technologies, which are often shared across connected devices and include PC firmware/BIOS as well as printer firmware.

Quocirca’s Print Security 2019 report revealed that 59 percent of businesses reported a print-related data loss in the past year. COVID-19 has only added new complexities, as many employees increased their remote printing practices, triggering even more potential vulnerabilities for their employers.

HP had engaged in Bug Bounty programs over the years to complement and extend the company’s own rigorous penetration testing. While white hat hacking is a widespread practice throughout the technology industry, HP has been a pioneer in expanding this program to printers, an oftentimes overlooked attack vector. For example, in 2018, HP launched the industry’s first print security Bug Bounty Program.

“HP has been a leader in print security for many years now, establishing new industry cybersecurity standards and garnering praise from third-party security testing labs for having some of the most secure printers,” said Mark Vena, senior analyst, Moor Insights & Strategies.

“Leadership in this area, particularly focused on secure hardware features and a firmware-based approach with imaging devices, could not come at a better time.”

In our increasingly connected world, any connected device can become an avenue of attack for hackers. Keeping up requires continuous investment and dedicated research. That’s why HP is committed to pursuing focused and rigorous testing, both internally and with third parties, to better protect its customers and partners.



Source link

Recent articles

Help! My Travel Agency Shut Down and I’m Out $2,000

Dear Tripped Up,Earlier this year, I used STA Travel to book a British Airways flight from Tucson, Ariz., to South Africa, scheduled to...

Bethesda and ZeniMax Sued for Sabotaging Elder Scrolls Skyrim Rival

Rune 2 publisher Ragnarok Game LLC has sued Bethesda and ZeniMax for allegedly helping to sabotage the game’s launch.As reported by PC Gamer,...

Qatar takes first long-haul jets in months with delivery of A350-1000s | News

Airbus has delivered three A350-1000s to Qatar Airways, its first handover of long-haul aircraft to the Middle Eastern carrier for eight months. Qatar received...

Who Won the Debate? Political Observers Weigh In

Grading on a curve, political experts said President Trump did not hurt himself. But they said neither did Joe Biden, and that may...

Smart sensors could track social distancing in the office

PointGrab developed its technology before the pandemic to help workspace managers optimize how employees use office space. About the size of a smoke...

Leave a reply

Please enter your comment!
Please enter your name here