[ad_1]
HP calls "the industry first" by launching a print security bugs program offering rewards of up to $ 10,000. It is supported by Bugcrowd, a crowdsourced security platform that handles bug payouts, vulnerability disclosures, and more. The program will focus on printer-related bugs, which can be an entry point for hackers.
"As we navigate a world of increasingly complex cyber threats, it is critical that industry leaders exploit all possible resources. the firmware, "Shivaun Albright, head of HP's security printing technology, said in a statement." HP is committed to designing the world's most secure printers. "[19659002] According to HP, the researchers participating in the program will report their results directly to Bugcrowd, HP will assess any vulnerabilities already discovered by the company and may reward the researcher "as a bona fide payment." Bugcrowd will check for any bugs submitted and will reward researchers based on the severity of the fault
Why would hackers choose a printer as a vector of attack? In the home or business environment, it can be connected directly to the local network and even shared on the Internet.Moreover, they could contain confidential data in memory when printing sensitive documents.In the case of 3D printers, the p computer irates could steal prototype designs.
To make the problem worse, the printer is usually the last device likely to be hacked. Homes and businesses place the PC at the top of the security list, but flaws in software and printer firmware may allow hackers to access sensitive data stored in the printer. printer – not on the PC – from another network location. have different ways to attack and even use a printer, like installing a chip that can transfer information to a remote location. They can bypass the authentication process that controls access to the device, change the data residing in the printer's memory or create malware on a personal device that connects to the device. the printer and accesses the entire network. can be hacked by focusing on the security issues of most brands, "reports Infosec. "In most printers, when we look for the address (non-technical) http: // your-printers-ip: 9100, it will not lead to any location, but it reads a print job. gives a root document request by https.This gives access to the LCD, through which the attacker enters.This does not prove any need for tools or code for access. "
This is where the new HP program comes in. Researchers can identify potential problems, check for vulnerabilities and be rewarded for their efforts. A report released by Bugcrowd claims that the company has seen more than 37,000 bug submissions over the past year, of which 69% were actually valid. This represents a 21% increase over the vulnerabilities discovered last year.
Unfortunately, HP and Bugcrowd do not point to a real page where researchers can find more information. Instead, they point to HP's Printer Device Security page, where you can learn more about HP's "secure" printer portfolio.
Source link