Thursday, August 2, 2018

HP to Pay Hackers Money to Break Its Printers

Well, now the fantasy of “Office Space” comes true.

HP isn't asking people to smash its printers to pieces, but the company is ready to pay people to break its software apart.

A few weeks ago, HP announced its initial bug bounty program, which specifically targets its printers and pays as much as $10,000 to hackers who find vulnerabilities in its machines.

Bug bounties are a very common way for companies to find security flaws, with payouts as high as $100,000 for severe vulnerabilities. Hackers have been able to make a full-time job of breaking software and exposing bugs before the vulnerabilities are used maliciously. Companies like Facebook and Google have turned to bug bounties as a way to strengthen their security.

Shivaun Albright, the chief technologist for printer security, said that HP quietly started its program in May, signing up almost 34 researchers. The company has already paid $10,000 to a hacker who found a severe flaw in its printers.

The company is focusing on printer security because of the vulnerabilities of internet of things devices. Although there is heavy focus on connected devices and their security faults, it is often on web cameras, smart televisions or lightbulbs, and not on printers.

The HP technologist noted that printers might be one of the oldest and most common IoT devices a person has.

The Mirai botnet is a huge network of hacked devices that is used to wreak havoc online, and it caused a major web outage that took down some of the most popular sites, such as Twitter, Netflix, and Reddit. The botnet was built from hacked IoT devices such as webcams and DVRs, but printers also became part of that mix.

HP's bug bounty program will be run through Bugcrowd, a platform that facilitates invitations and payouts. The program is currently private, with Bugcrowd handling which researchers are invited to join. Albright said that HP is interested in making it public in the future, but for now is keeping it closed to better manage incoming vulnerabilities.

All invited researchers already have remote access to almost 15 printers, which are isolated in HP's offices. From computers at home, they can poke at and probe these machines to find hidden vulnerabilities.

Albright said that for a payout of $10,000, researchers would have to find serious flaws such as remote code execution, which would let an attacker take full control of the printer.

If anyone finds and reports a flaw, HP will pay for the discovery and try its best to fix it in its next update.

Jack Tucker is an inventive person who has been doing intensive research on particular topics and writing blogs and articles on HP Printer Support, Brother Printer Support and many other related topics.
