Earn up to $10,000 by squashing printer-based bugs in HP’s bounty program

HP is claiming an “industry first” by launching a print security bug bounty program that offers rewards of up to $10,000. It’s backed by Bugcrowd, a crowdsourced security platform that manages bug bounties, vulnerability disclosures, and more. The program will focus on bugs related to printers, which can be an entry point for hackers.

“As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up,” Shivaun Albright, HP’s Chief Technologist of Print Security, said in a statement. “HP is committed to engineering the most secure printers in the world.”

According to HP, researchers participating in the program will report their findings directly to Bugcrowd. If a submitted vulnerability was already unearthed by the company, HP will evaluate it and may reward the researcher “as a good faith payment.” Bugcrowd will verify all submitted bugs and reward researchers according to the severity of the flaw.

Why would hackers choose a printer as their attack vector? In the home or corporate environment, a printer can be connected directly to the local network and even shared across the internet. What’s more, printers can hold confidential data in memory as they print sensitive documents. In the case of 3D printers, hackers could steal prototype designs.

To make the problem more severe, the printer is typically the last device you’d think would be susceptible to hackers. Homes and corporations alike place the PC at the top of the security list, but flaws in printer software and firmware can enable hackers to access sensitive data stored in the printer – not in the PC – from another location on the network.

Hackers have various ways they can attack and even use a printer, such as installing a chip that can forward information to a remote location. They can bypass the authentication process that controls access to the device, modify the data residing in the printer’s memory, or create malware on a personal device that connects to the printer and gains access to the entire network.

“Multi-Function Printers can be hacked by concentrating on security problems from most of the brands,” reports Infosec. “In most printers, when we search the address (not technical) http://your-printers-ip:9100, it will not lead to any location, but it reads a print job. It gives a request for root document by https. This gives access to the LCD display, through which the attacker enters. This proves no need of any tools or code for access.”

That’s where HP’s new program comes in. Researchers can hunt down potential problems, have the vulnerabilities verified, and get rewarded for their effort. A report released by Bugcrowd claims that the firm saw more than 37,000 bug submissions over the past year, 69 percent of which were actually valid. That’s a 21 percent increase over the vulnerabilities discovered last year.

Unfortunately, HP and Bugcrowd aren’t pointing to an actual page where researchers can find more information. Instead, they point to HP’s Printer Device Security page where you can learn more about HP’s “secure” printer portfolio.
