Slashdot Mirror
HP Will Give You $10,000 To Hack Your Printer (zdnet.com)
hyperclocker shares a report: HP hopes to entice researchers with a $10,000 reward for finding vulnerabilities in printers. The tech giant revealed the new bug bounty program on Tuesday. The scheme, which is launching as a private bug bounty, is tailored specifically for HP printer hardware. While many of us use home printers simply for printing the occasional document or photo, in the enterprise, these devices are often found in a network. If there is a weak link in business networks, a single device -- whether it be a printer or smart air conditioning system -- can be exploited to compromise a wider network system.
Printers, especially if they are overlooked when it comes to firmware updates or upgrades, can become such avenues to exploit. According to research undertaken by Bugcrowd, "2018 State of Bug Bounty Report," endpoint devices are becoming a tantalizing target for threat actors, with a 21 percent increase in total endpoint bugs reported over the past 12 months. In partnership with bug bounty platform Bugcrowd, HP says it is the "only vendor" to launch a printer-only vulnerability disclosure scheme. Under the terms of the program, researchers can earn between $500 and $10,000 per legitimate find.
Printers, especially if they are overlooked when it comes to firmware updates or upgrades, can become such avenues to exploit. According to research undertaken by Bugcrowd, "2018 State of Bug Bounty Report," endpoint devices are becoming a tantalizing target for threat actors, with a 21 percent increase in total endpoint bugs reported over the past 12 months. In partnership with bug bounty platform Bugcrowd, HP says it is the "only vendor" to launch a printer-only vulnerability disclosure scheme. Under the terms of the program, researchers can earn between $500 and $10,000 per legitimate find.
This is probably to "secure" HP Instant Ink, which monitors your printer so you can give an unlimited amount of money to HP, for ink refills.
It's basically the renting models for printers, except you pay for the printer, pay for the ink, pay to be monitored, and pay either per page , or per month.
The best part is, when the printer dies, you also get to pay for the recycling!
HP can also help you, by automatically sending you relevant ads, on the printer you paid for, with the paper you paid for, with the ink you pay for, with the electricity you pay for, and you compensate HP for this by letting them have access to your printing data and network!
Hacked mine to say my name. Please send my 10k.
Sincerely,
-Paul Christopher Loadletter
I remember fondly a long time ago, when one employee brought his private first HP color printer to his office and installed it on his machine.
The install process replaced the print queue and it began immediately checking the company network for all printers that might be out of paper or ink, all over the world, from the US, to Europe, India and Japan.
After an hour it had consumed all the bandwidth available polling 10-15000 printers and the network broke down.
It was fun working IT those days.