HP Offers $10K Reward for Hacking its Printers

Any connected device is a potential security threat for businesses and individuals alike, and that's definitely the case for printers which are both connected and regularly used to produce potentially sensitive information. With that in mind, HP is launching the industry's first bug bounty program aimed squarely at printer security.

As Nasdaq reports, the bug bounty targets HP's printers specifically and will be handled through a partnership with the crowdsourcing cybersecurity service Bugcrowd. HP wants to provide the most secure printers in the world, which means having them tested extensively for vulnerabilities from the firmware up.

HP's decision to work with Bugcrowd may be due to the service's latest 2018 State of Bug Bounty report, which highlights a 21 percent increase in print vulnerabilities over the past year. That's combined with attackers focusing more on endpoint devices such as connected printers. It's in HP's interests to avoid security vulnerabilities wherever possible when it ships large quantities of hardware to business customers every year under contract.

The rewards on offer for finding printer vulnerabilities are quite substantial, with HP offering up to $10,000 depending on the severity of the flaw discovered. All vulnerabilities must be reported through Bugcrowd, which functions using a private program of security researchers. HP will assess each one and decide if a reward is required. Some rewards may be offered to researchers as a good faith payment.

HP already claims to offer the world's most secure printing for the enterprise, but hopefully this bug bounty program isn't limited to just business printers. Consumer-focused printers are just as important and arguably need even better protection as they don't sit behind the same level of security used to protect business networks.