The company recently announced this one of a kind bounty program
Last Tuesday, HP announced a bug finding reward program that offers hackers and enterprise network security investigators up to $10K if they can find security flaws in the printers the company manufactures.
This is the first printing hardware security flaw bounty program for industry, according to the company’s statement. HP will work with Bugcrowd to manage vulnerability reports addressed to the organization.
Any discovered vulnerability that aspires to receive rewards from this program must be reported to Bugcrowd, which will verify the found flaws and offer a reward of up to $10K depending on the bug’s severity. If there was a bug report that the company has already registered, enterprise network security specialists could still receive compensation.
HP launched the program last May with the participation of 34 researchers. Since then, the company has already made a $10K payment to a hacker who found a serious vulnerability in one of HP’s printing devices.
The company decided to focus on the security of printers due to vulnerabilities found in Internet of Things (IoT) devices. In many cases, printers are the IoT device that is most commonly found in any house, although conversations about security flaws tend to focus on things like smart TVs or some other home supplies instead of printers.
Enterprise network security researchers from the International Institute of Cyber Security claim that printers are not immune to hacker attacks. For example, it’s well-known the case of the Mirai botnet, which a couple of years ago managed to compromise a large number of devices, including printers.
Printers suffer a considerable number of vulnerabilities, according to reports from experts in information security. Many attackers use PostScript malware to manipulate documents that are printed or to capture their content, compromising user’s personal information.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.