HP Expands Bug Bounty Program to Validate Office-Class Ink and Toner Cartridge Security
October 01 2020 - 8:00AM
Today, in recognition of Cybersecurity Awareness Month (U.S.), HP
Inc. (NYSE: HPQ) announced it has expanded its Bug Bounty program
to focus specifically on office-class print cartridge security
vulnerabilities. The program underscores HP’s commitment to
delivering defense-in-depth across all aspects of
printing—including supply chain, cartridge chip, cartridge
packaging, firmware and printer hardware.
As part of this program, HP has engaged with Bugcrowd, a leading
crowdsourced cybersecurity company, to conduct a three-month
program in which four professional ethical hackers have been
challenged to identify vulnerabilities in the interfaces associated
with the HP Original print cartridges. If any of the hackers are
successful, HP will award up to $10,000 USD per vulnerability.
“Bad actors aiming to exploit printers with sophisticated
malware pose an ever-present and growing threat to businesses and
individuals alike,” said Shivaun Albright, HP Chief Technologist
for Print Security. “Security features need to go beyond the
hardware and include the cartridge for an end-to-end secure system
that protects your network and information. HP is committed to
staying ahead by expanding our Bug Bounty Program and hiring some
of the brightest cybersecurity experts across the globe to help us
uncover potential risks so they can be fixed before any harm is
done.”
Over the past few years, there’s been a rise in attacks of
embedded system technologies, which are often shared across
connected devices and include PC firmware/BIOS as well as printer
firmware. Quocirca’s Print Security 2019 report2 revealed that 59
percent of businesses reported a print-related data loss in the
past year. COVID-19 has only added new complexities, as many
employees increased their remote printing practices, triggering
even more potential vulnerabilities for their employers.
“Cyber breaches have increased in volume, complexity and impact,
extending to embedded systems,” said Ashish Gupta, CEO of Bugcrowd.
“This bug bounty program gives HP the ability to stay ahead of
attacks with access to researchers that are experts in printing
technology. We have worked with HP for several years and are
excited to serve as a force multiplier in their security
strategy.”
HP had engaged in Bug Bounty programs over the years to
complement and extend the company’s own rigorous penetration
testing. While ethical hacking is a widespread practice throughout
the technology industry, HP has been a pioneer in expanding this
program to printers, an oftentimes overlooked attack vector. For
example, in 2018, HP launched the industry’s first print security
Bug Bounty Program.
“HP has been a leader in print security for many years now,
establishing new industry cybersecurity standards and garnering
praise from third-party security testing labs for having some of
the most secure printers,” said Mark Vena, senior analyst, Moor
Insights & Strategies. “Leadership in this
area, particularly focused on secure hardware features and a
firmware-based approach with imaging devices, could not come at a
better time.”
In our increasingly connected world, any connected device can
become an avenue of attack for hackers. Keeping up requires
continuous investment and dedicated research. That’s why HP is
committed to pursuing focused and rigorous testing, both internally
and with third parties, to better protect its customers and
partners. For more information on the threat landscape, the size of
the problem and HP’s strategy to ward off potential threats,
visit Is Your Printer The New Trojan Horse from Moor Insights
& Strategies and HP Office Cartridge Security Printing:
Security from Start to Finish from Keypoint
Intelligence/InfoTrends.
About HP Inc.HP Inc. (NYSE: HPQ) creates
technology that makes life better for everyone, everywhere. Through
our product and service portfolio of personal systems, printers and
3D printing solutions, we engineer experiences that amaze. More
information about HP Inc. is available at www.hp.com.
©Copyright 2020 HP Development Company, L.P. The information
contained herein is subject to change without notice. The only
warranties for HP products and services are set forth in the
express warranty statements accompanying such products and
services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or
editorial errors or omissions contained herein.
____________1 HP’s most advanced embedded security features are
available on HP Managed and Enterprise devices with HP FutureSmart
firmware 4.5 or above. Claim based on HP review of 2019 published
features of competitive in-class printers. Only HP offers a
combination of security features to automatically detect, stop, and
recover from attacks with a self-healing reboot, in alignment with
NIST SP 800-193 guidelines for device cyber resiliency. For a list
of compatible products, visit hp.com/go/PrintersThatProtect. For
more information, visit hp.com/go/PrinterSecurityClaims.2
Quocirca’s Global Print Security Landscape, 2019 report, February
2019 https://h20195.www2.hp.com/v2/getpdf.aspx/c06274488.pdf
MEDIA CONTACTS:
Susan Vander May, HP
Susan.Vander.May@hp.com
http://press.ext.hp.com
HP (NYSE:HPQ)
Historical Stock Chart
From Mar 2024 to Apr 2024
HP (NYSE:HPQ)
Historical Stock Chart
From Apr 2023 to Apr 2024