HP has announced an expansion of its bug bounty program in which they will now include office-class print cartridge security reports. The company first released its vulnerability bounty program in 2018, which started a trend among the industry.
In this program, HP invited several ethical hacking specialists aiming to find exploitable security flaws affecting its printers, offering prizes of up to $10k USD.
This year, the tech giant wanted to expand the initiative to include office-class printers and their several components, such as cartridges, as mentioned by HP’s Print Security Chief Shivaun Albright: “Malicious hackers aiming to exploit printers with advanced malware and cyberattacks are always considered a growing threat to businesses and individuals. Security features need to go beyond the hardware and include the cartridge for a full security environment”.
Albright also stated that HP is fully committed to stay ahead the industry with measures like expanding its bug bounty program around the world, helping organizations to enable protections against severe security threats before hackers can even attack.
The cybersecurity community knows that malicious actors are targeting various technologies, specifically Internet of Things (IoT) implementations and these targets could even include printers. For instance, researchers recently demonstrated how they could hijack remote printers as they were exposed to the internet.
The company has now formally expanded its printer security program on Bugcrowd, inviting four ethical hackers at present to this three-month program. The hackers should supposedly find vulnerabilities in the interfaces associated with the HP Original print cartridges. Successful discoveries would make them win rewards up to $10,000 per report.