HP launches ‘first of its kind’ bug bounty program for, er, printers

HP WANTS YOU to hunt bugs in… wait for it… printers; every office worker’s favourite device they love to hate.

According to HP, it’s a “first of its kind” bug bounty program to prompt security experts and hobbyist white hats to go sniffing out vulnerabilities in printers.

The bug hunt will be carried out in partnership with crowdsourcing firm Bugcrowd, which will help facilitate the rewards for researchers who’ve come across and reliably reported a flaw in HP’s printers.

You’d be forgiven for raising an eyebrow at the idea of printers being prime hacking targets, especially as the bloody things barely seem to work or recognise the network they’re meant to be connected to a good proportion of the time.

But according to Bugcrowd’s research, so-called ‘endpoint devices’ are prime hacking targets, with vulnerabilities in printers increasing 21 per cent year on year, making them tempting targets for hackers to infiltrate company networks or just dick around with a machine they’ve cracked into.

The problem apparently stems from chief information security officers (CISOs) not being informed when a printer is going to be hooked up to their network, or of its level of security.

“CISOs are rarely involved in printing purchase decisions yet play a critical role in the overall health and security of their organisation,” said Justine Bone, chief executive at MedSec and a Security Advisory Board member for HP.

“For decades, HP has made cybersecurity a priority rather than an afterthought by engineering business printers with powerful layers of protection. And in doing so, HP is helping to support the valuable role CISOs play in organizations of every size.”

Spotting such bugs in printers might be a pain in the proverbial posterior for CISOs, but for bug hunters it could be lucrative, as the print security bug bounty program is offering rewards of up to $10,000 for uncovered bugs, though that’s dependent on the severity of the flaw and whether it can be verified by Bugcrowd.

The whole situation once again highlights how basic network-connected devices can pose a threat even if they simply sit unassumingly in the corner of the office where Jimmy from sales and Monique from accounts partake in some water cooler flirting. µ

Source: Inquirer

Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.
