This is a private bounty program focused specifically on HP hardware. Printers often sit on weakly secured business networks and can be compromised by crooks, especially if system administrators ignore firmware updates or upgrades, which leaves these devices exposed to cyber attacks.
While speaking to ZDNet, an HP spokesperson said: “We’re challenging researchers to search for obscure defects that could be used against our customers.
We’re providing researchers with remote access to a set of Enterprise Multifunction printers and invited researchers to focus on the potential for malicious actions at the firmware level including CSRF, RCE, and XSS.”
Under this program, security researchers can be rewarded between $500 and $10,000 for their findings.
“For years, the conversation about cybersecurity has focused on software and networking,” said Shivaun Albright, HP’s Chief Technologist of Print Security. “Today, bad actors are targeting endpoint devices. Protecting connected devices, like printers, at the edge of the network has become paramount.”
According to HP, there is no time limit for this program, and HP is planning to expand its bug bounty to its computers soon as well.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the computer security blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.