HP Discloses its Bug Bounty Program and Here’s What You Need To Know.
Palo Alto, Calif.-based HP Inc. has disclosed what it terms the industry’s first-ever bug bounty program, which has been launched to inspect printer security issues. The print security bug bounty program will offer rewards of up to $10,000 to successful hackers. The program is backed by the crowdsourced security firm Bugcrowd, which manages bug bounty programs like this one. The primary focus of the program will be on identifying printer-related bugs that can serve as a potential entry point for hackers.
Chief Print Security Technologist at HP, Shivaun Albright, states that the cyber-world has become a breeding ground for all kinds of threats, and that it has therefore become all the more important for industry leaders to “leverage every resource possible to deliver trusted, resilient security from the firmware up.”
“HP is committed to engineering the most secure printers in the world,” added Albright.
Researchers participating in the program will report their findings directly to Bugcrowd, while HP will review whether any of the identified vulnerabilities have previously been detected by the company. If a finding is unique, both HP and Bugcrowd will reward the researcher according to the severity level of the flaw.
But why was it necessary for HP to initiate a bug bounty program for printer security? Because, whether at home or in the workplace, printers can be connected to the local network and may serve as an entry point for hackers. Furthermore, printers usually contain sensitive data in memory because all kinds of confidential documents are printed through them. Similarly, 3D printers, if hacked, can let hackers steal prototype designs.
People normally do not suspect printers of being vulnerable to hacking, and mostly implement measures to secure PCs. The truth is that printers are equally vulnerable to hacking. Their firmware and software flaws allow hackers to easily access company data remotely. Or they may install a chip in the printer to receive information at a remote location, bypass the verification process that manages access to the device, change the data in the printer’s memory, and may even develop malware that can connect to the printer.
Since HP happens to be the world’s largest manufacturer of printers, the company has a higher responsibility for securing its devices. HP will be spending between $500 and $10,000 per flaw, and the program is believed to reaffirm the company’s commitment to security. It is a private program, and only those hackers who have received an invitation will be participating in it. The A3 and A4 printers and all other HP enterprise printers will be tested for flaws.
The program was actually launched in May 2018, and so far various bugs have been uncovered. But the company has disclosed its details only now, when the Black Hat USA 2018 conference is just around the corner.