HP launched a bug bounty program that is offering a reward of as much as $10,000 to hackers who can discover security vulnerabilities in its printers.
Bug bounty programs are certainly nothing new, as various technology companies such as Google and Nintendo have offered rewards for reporting Android exploits and Nintendo Switch hacks. However, HP is the first company in the printer industry to launch one.
HP Bug Bounty Program
The HP bug bounty program is offering as much as $10,000 to hackers who will be able to find vulnerabilities in the company's printers.
The program was actually quietly started in May, with a total of 34 researchers having signed up for it. It is already paying dividends for both HP and the researchers, as a $10,000 bounty has already been paid out to a hacker who discovered a serious flaw. HP is able to fix the problem before it is widely exploited by attackers, and the researcher pocketed a cool amount of cash for reporting it.
The HP bug bounty program comes at a time when attackers are becoming more aggressive. With printers connected to wider network systems, it is increasingly important for HP to patch up vulnerabilities before hackers take advantage of the computer accessories.
HP simply does not want one of its printers being the cause of an attack against a company, and the bug bounty program is looking to avoid such a disaster.
Printer Security Risk
Tom's Hardware said that according to a recent Bugcrowd report, hackers have increased their focus on targeting endpoint devices, such as printer, over the previous year. Over that time, the vulnerabilities discovered in printer software have increased by 21 percent, showing the higher risk of owning printers, especially in business environments.
Printers have not been considered as major security threats. However, as hackers keep looking for ways to infiltrate otherwise secure networks, unpatched printers are becoming a possible entry point.
"As we navigate an increasingly complex world of cyber threats, it's paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up. HP is committed to engineering the most secure printers in the world," said HP Chief Technologist of Print Security Shivaun Albright.
Hacking HP printers for the bug bounty program will be kept private for now, as the company wants to see how things go first before opening it to the public. HP may also be trying to delay the disclosure of any vulnerability that researchers involved in the program discover, as some enterprises are slow to installing updates for their networks and devices.