Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Earn up to $10,000 by squashing printer-based bugs in HP’s bounty program

Add as a preferred source on Google

HP is calling an “industry first” by launching a print security bug bounty program providing rewards up to $10,000. It’s backed by Bugcrowd, a crowdsourced security platform that manages bug bounties, vulnerability disclosures, and more. The program will focus on bugs related to printers, which can be an entry point for hackers.

“As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up,” Shivaun Albright, HP’s Chief Technologist of Print Security, said in a statement. “HP is committed to engineering the most secure printers in the world.”

Recommended Videos

According to HP, researchers participating in the program will report their findings directly to Bugcrowd. HP will evaluate any vulnerability that was already unearthed by the company and may reward the researcher “as a good faith payment.” Bugcrowd will verify all submitted bugs and reward researchers according to the severity of the flaw.

Why would hackers choose a printer as their attack vector? In the home or corporate environment, it can be connected directly to the local network and even shared across the internet. Even more, they could contain confidential data in memory as they print sensitive documents. In the case of 3D printers, hackers could steal prototype designs.

To make the problem more severe, the printer is typically the last device you’d think would be susceptible to hackers. Homes and corporation alike place the PC at the top of the security list, but flaws in printer software and firmware can enable hackers to access sensitive data stored in the printer – not in the PC – from another location on the network.

Hackers have various ways they can attack and even use a printer, such as installing a chip that can forward information to a remote location. They can bypass the authentication process that controls access to the device, modify the data residing in the printer’s memory, or create malware on a personal device that connects to the printer and gains access to the entire network.

“Multi-Function Printers can be hacked by concentrating on security problems from most of the brands,” reports Infosec. “In most printers, when we search the address (not technical) http://your-printers-ip:9100, it will not lead to any location, but it reads a print job. It gives a request for root document by https. This gives access to the LCD display, through which the attacker enters. This proves no need of any tools or code for access.”

That’s where HP’s new program comes in. Researchers can hunt down potential problems, have the vulnerabilities verified, and get rewarded for their effort. A report released by Bugcrowd claims that the firm saw more than 37,000 bug submissions over the past year, 69 percent of which were actually valid. That’s a 21 percent increase over the vulnerabilities discovered last year.

Unfortunately, HP and Bugcrowd aren’t pointing to an actual page where researchers can find more information. Instead, they point to HP’s Printer Device Security page where you can learn more about HP’s “secure” printer portfolio.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Apple’s Hide My Email feature has an unfixed bug that leaves email addresses exposed
100% exploitable in limited testing, known since June 2025, and still unfixed as of today.
apple-merging-sign-in-with-apple-hide-my-email-icloud+

Apple has been selling Hide My Email to keep your real email address hidden, but it has a vulnerability that does the exact opposite. The worst part is that the company has known about it for a year. 

Hide My Email, part of Apple’s paid iCloud+ subscription, lets users generate anonymous email addresses for signing up to a website, so that their personal or work email remains free of promotional emails and spam. 

Read more
I hate sharing my Mac, but a face-unlocking app finally cured my privacy paranoia
Someone finally built the app locker every Mac user has been asking for.
FaceGate in action on Mac

If you have ever handed your Mac to a friend, family member, or coworker for "just a minute," you know the mild panic that follows. Sure, your Mac has a lock screen, but once someone is past it, they can open Messages, Photos, Notes, Mail, WhatsApp, and your browser.

iPhones had the same issue, but Apple solved it by adding an app lock feature with the iOS 18 update. Sadly, no such feature exists for macOS. That’s where the new FaceGate app for Mac can help you. It’s a free and open-source app that lets you lock apps on your Mac and even has some novel tricks up its sleeve. So, let’s talk about it, shall we?

Read more
The charm of a tiny Windows tablet is apparently dead at Microsoft. Long live the Surface Go!
Microsoft’s budget Surface era may be over
Microsoft Surface Go 3 stand.

Microsoft might be cleaning up its Surface lineup. According to Windows Central, Microsoft has stopped manufacturing the Surface Go and Surface Laptop Go lines, with no successors currently planned. Surface Go 4 and Surface Laptop Go 3 are reportedly out of stock in most places, and once remaining retail stock is gone, that may be it.

If this is true, then we are looking at the end of the brand's budget Surface PCs as Microsoft has plenty of premium Windows hardware.

Read more