Skip to main content

Earn up to $10,000 by squashing printer-based bugs in HP’s bounty program

HP is calling an “industry first” by launching a print security bug bounty program providing rewards up to $10,000. It’s backed by Bugcrowd, a crowdsourced security platform that manages bug bounties, vulnerability disclosures, and more. The program will focus on bugs related to printers, which can be an entry point for hackers.

“As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up,” Shivaun Albright, HP’s Chief Technologist of Print Security, said in a statement. “HP is committed to engineering the most secure printers in the world.”

Recommended Videos

According to HP, researchers participating in the program will report their findings directly to Bugcrowd. HP will evaluate any vulnerability that was already unearthed by the company and may reward the researcher “as a good faith payment.” Bugcrowd will verify all submitted bugs and reward researchers according to the severity of the flaw.

Why would hackers choose a printer as their attack vector? In the home or corporate environment, it can be connected directly to the local network and even shared across the internet. Even more, they could contain confidential data in memory as they print sensitive documents. In the case of 3D printers, hackers could steal prototype designs.

To make the problem more severe, the printer is typically the last device you’d think would be susceptible to hackers. Homes and corporation alike place the PC at the top of the security list, but flaws in printer software and firmware can enable hackers to access sensitive data stored in the printer – not in the PC – from another location on the network.

Hackers have various ways they can attack and even use a printer, such as installing a chip that can forward information to a remote location. They can bypass the authentication process that controls access to the device, modify the data residing in the printer’s memory, or create malware on a personal device that connects to the printer and gains access to the entire network.

“Multi-Function Printers can be hacked by concentrating on security problems from most of the brands,” reports Infosec. “In most printers, when we search the address (not technical) http://your-printers-ip:9100, it will not lead to any location, but it reads a print job. It gives a request for root document by https. This gives access to the LCD display, through which the attacker enters. This proves no need of any tools or code for access.”

That’s where HP’s new program comes in. Researchers can hunt down potential problems, have the vulnerabilities verified, and get rewarded for their effort. A report released by Bugcrowd claims that the firm saw more than 37,000 bug submissions over the past year, 69 percent of which were actually valid. That’s a 21 percent increase over the vulnerabilities discovered last year.

Unfortunately, HP and Bugcrowd aren’t pointing to an actual page where researchers can find more information. Instead, they point to HP’s Printer Device Security page where you can learn more about HP’s “secure” printer portfolio.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
WWDC 2025: Apple announces iOS 26, macOS 26, watchOS 26 and more
Major updates to iOS, macOS, watchOS, iPadOS, tvOS and visionOS
WWDC 2025 logo

Apple kicked off WWDC 2025 with its keynote presentation at its annual World Wide Developer's conference, and it was a bumper affair.

We were treated to a raft of updates across all of the firm's software platforms, as we were introduced to iOS 26, iPadOS 26, watchOS 26, macOS 26, tvOS 26 and visionOS 26.

Read more
ChatGPT was down: how the June 10 OpenAI outage unfolded
AI assistant ChatGPT and image creator Sora were down as part of a major OpenAI outage
ChatGPT logo on a phone

The popular AI assistant ChatGPT, and image generator Sora, suffered significant downtime as part of a major OpenAI outage today, June 10.

Downdetector showed reports regarding a ChatGPT outage started shortly before 12am PDT overnight and into June 10. This wasn't the first time we've seen ChatGPT go down, with an outage also occurring back in December 2024.

Read more
For gamers on a budget — this Amazon Basics gaming monitor is on sale for $110
The Amazon Basics 27-inch Full HD gaming monitor on a white background.

If you're still using a basic display with your gaming PC, then you're not maximizing its capabilities. You don't have to spend hundreds of dollars on an upgrade though, as you can get the 27-inch Amazon Basics Full HD gaming monitor for only $110 right now. That's a $40 discount from Amazon on its original price of $150, but we're not sure for how much longer, so we highly recommend proceeding with your purchase as soon as possible on one of the most affordable monitor deals for gamers today.

Why you should buy the 27-inch Amazon Basics Full HD gaming monitor

Read more