HP bug bounty program now targets vulnerabilities in print cartridges

2021-12-06 10:42:19 By : Mr. Jason Wang

HP has just expanded its bug bounty program to prevent cybercriminals from exploiting vulnerabilities in office-grade ink and toner cartridges.

The company announced this news to commemorate the beginning of Cyber Security Awareness Month. This is part of HP's plan to provide defenses in all aspects of printing. This includes the supply chain, cartridge chips, cartridge packaging, firmware, and printer hardware.

As part of the HP bug bounty program, Bugcrowd will launch a three-month program to challenge four professional white hat hackers to identify vulnerabilities in HP original print cartridges. If they succeed, HP will award an additional $10,000 for each vulnerability on top of the base fee.

Shivaun Albright is HP's chief technologist for print security. She said that HP's ink cartridges have built-in security.

"Printers, especially networked printers, are usually overlooked endpoints on the network," she said. "If proper security protocols are not enabled, these endpoints may become targets for cyber attacks. Securing your printing hardware is a crucial step. Office ink/toner print cartridges may also become the entry point for attackers with the right motivation and skills."

Albright said that HP currently knows of no instances of malware on non-HP cartridge chips infecting HP office-grade printers that run the latest firmware. However, there is a case of malware on a chip in another OEM's cartridge infecting the printer.

"Finding these vulnerabilities is absolutely challenging," she said. "We are working with Bugcrowd and printing technology experts who have unique advantages in discovering vulnerabilities that may not be detected by our own tests."

Quocirca's 2019 Print Security Report shows that 59% of companies have reported print-related data loss in the past year. As many employees increase their remote printing practices, COVID-19 will only add new complexity. This creates more potential loopholes for their employers.

"We launched the first bug bounty program for printers in July 2018 and it was a huge success," Albright said. "Through this program, we found about 40 vulnerabilities. These programs help us find zero-day vulnerabilities and fix them before the launch of new products, as well as continue to maintain our existing products."

She said that HP incorporated these findings into its testing process. It also analyzes the issues its bug bounty researchers discover across its product line.

According to data from Moor Insights & Strategy, nearly 90% of companies say they have suffered at least one data loss due to unsafe printing.

"HP has been a leader in printing security for many years, establishing new industry cyber security standards, and has won praise from third-party security testing laboratories for owning some of the most secure printers," said Mark Vena, senior analyst at Moor. "Leadership in this field, especially focusing on secure hardware functions and firmware-based imaging device methods, comes at the right time."
