HP recently expanded its bug bounty program to cover flaws in printers, with a particular focus on security vulnerabilities in office-class print cartridges. The program is private, which means that not everyone can join it.
The program underscores HP’s dedication to delivering defense-in-depth across all aspects of printing, including the supply chain, cartridge chip, cartridge packaging, firmware, and printer hardware.
However, the security researchers invited by HP have been asked to focus on firmware-level vulnerabilities, including remote code execution, cross-site request forgery (CSRF), and cross-site scripting (XSS) bugs.
The highlights of the program that have been disclosed are listed below:
The bug bounty program presently covers HP’s LaserJet Enterprise printers and MFPs (A3 and A4), as well as the HP PageWide Enterprise printers and MFPs (A3 and A4).
For this expansion, HP has partnered with Bugcrowd to administer a three-month program in which four licensed white hat hackers have been appointed to identify all possible vulnerabilities in HP Original print cartridges.
If any of the hackers succeeds in this task, HP will pay a reward of $10,000 per vulnerability in addition to their base fee. HP has been involved in bug bounty programs over the years to complement and extend the company’s own rigorous penetration testing.
White hat hacking is a widely used method throughout the technology industry, and HP is one of the companies doing the same, using its bug bounty program to improve its printers. Not only that, but most of the time, HP overlooks the attack vector.
That is why, to head off potential attack vectors, HP explains how reprogrammable microcontrollers on printer cartridges can be reprogrammed to load new firmware containing malicious code. Such cartridges could then be injected into the counterfeit-cartridge supply chain and delivered to an unsuspecting target.
In one of its reports, HP stated that it has recently engaged with 34 security researchers, and that the program covers only endpoint devices: printer-related web domains are out of scope, and the focus is on print firmware.
We all know that security attacks are increasing rapidly day by day, and today any connected device can present an avenue of attack for hackers. All it requires is proper dedication, intense research, and subsequent investment.
That is why HP is committed to continuing its focused and rigorous testing, both privately and with third-party experts, to better protect its customers and partners.