قالب وردپرس درنا توس
Home / Technology / HP will pay hackers up to $ 10,000 to break its printers

HP will pay hackers up to $ 10,000 to break its printers



  HP Officejet Pro 8600 Plus E-All-In-One Printer

HP asks researchers to hack their printers.


Sarah Tew / CNET

It is the "Office Space" imagination that comes true. Well please

HP does not ask people to break their printers into pieces, but the company is willing to pay people to break the software from each other.

On Tuesday, HP announced its first bug program specifically aimed at its printers. as much as $ 1

0,000 to hackers who can find vulnerabilities on their machines.

Bug debt is a common way for businesses to find vulnerabilities, with payments as high as $ 100,000 for serious vulnerabilities. Hackers have been able to create a full time job software and report errors before vulnerabilities are used harmful. Companies like Google and Facebook have turned to bug bounties as a way to strengthen their security.

HP clearly started its program in May with 34 researchers registered. It has already paid $ 10,000 to an attacker who found a serious mistake with its printers, Shivaun Albright, the company's chief printer security engineer, said in an interview last week.

The company is focused on printer security due to the vulnerability of the Internet of things devices, she said. While there is a heavy focus on connected devices and their security vulnerabilities, it's often on webcams, smart televisions or light bulbs, not printers, Albright said.

However, printers may be the oldest and most common IoT device a person owns, noted HP technology.

"They've been around for a long time, even before the term" IoT "was out there," she said. "The problem is why do not customers consider printers like IoT?"

It's not like printers are immune to attacks.

In 2016, Mirai botnet – a massive network of hacked devices used to destroy the network – caused a major web site breaking down popular sites like Twitter, Netflix and Reddit. Botnet used hacked IoT devices, such as webcams and DVR, but printers were also part of that mix, Albright said.

HP's bug-bounty program will be run through Bugcrowd, a platform that enables payments and invitations. The program is currently private, with Bugcrowd treatment that researchers are invited to join. Albright said that HP is interested in making it public in the future, but keeps it closed for now to better handle incoming vulnerabilities.

The invited researchers have remote access to 15 printers, which are isolated at HP's offices. From their computers at home, they can point and pry into these machines to find hidden vulnerabilities.

For a payment of $ 10,000, Albright said the researcher had to find serious errors such as remote code execution, which would allow an attacker to take full control of the printer.

If they find and report any errors, HP will pay them for the discovery and then post to fix it at the next update.

"We solve these problems very quickly and put them around so they are not found in nature," Albright said.

Security: Stay up to date in breaking, hacking, repairs and all cyber security issues that keep you up at night.

CNET Magazine: Check out a selection of the stories in CNET's kiosk edition.


Source link