 

HP Expands Bug Bounty Program to Validate Office-Class Ink and Toner Cartridge Security

Challenges Ethical Hackers to Identify Security Vulnerabilities and Risks

  • New Bug Bounty program aims to identify potential risks in office-class print cartridges
  • Ethical hackers have an opportunity to discover vulnerabilities in the interfaces between the printer and HP Original Ink and Toner cartridges
  • HP will award up to $10,000 for vulnerabilities discovered
  • Underscores HP’s continued commitment to engineer the world’s most secure printing systems1

PALO ALTO, Calif., Oct. 01, 2020 (GLOBE NEWSWIRE) -- Today, in recognition of Cybersecurity Awareness Month (U.S.), HP Inc. (NYSE: HPQ) announced it has expanded its Bug Bounty program to focus specifically on office-class print cartridge security vulnerabilities. The program underscores HP’s commitment to delivering defense-in-depth across all aspects of printing—including supply chain, cartridge chip, cartridge packaging, firmware and printer hardware.

As part of this program, HP has engaged with Bugcrowd, a leading crowdsourced cybersecurity company, to conduct a three-month program in which four professional ethical hackers have been challenged to identify vulnerabilities in the interfaces associated with the HP Original print cartridges. If any of the hackers are successful, HP will award up to $10,000 USD per vulnerability.

“Bad actors aiming to exploit printers with sophisticated malware pose an ever-present and growing threat to businesses and individuals alike,” said Shivaun Albright, HP Chief Technologist for Print Security. “Security features need to go beyond the hardware and include the cartridge for an end-to-end secure system that protects your network and information. HP is committed to staying ahead by expanding our Bug Bounty Program and hiring some of the brightest cybersecurity experts across the globe to help us uncover potential risks so they can be fixed before any harm is done.”

Over the past few years, there’s been a rise in attacks of embedded system technologies, which are often shared across connected devices and include PC firmware/BIOS as well as printer firmware. Quocirca’s Print Security 2019 report2 revealed that 59 percent of businesses reported a print-related data loss in the past year. COVID-19 has only added new complexities, as many employees increased their remote printing practices, triggering even more potential vulnerabilities for their employers.

