HP Will Give You $10,000 To Hack Your Printer (zdnet.com)
hyperclocker shares a report: HP hopes to entice researchers with a $10,000 reward for finding vulnerabilities in printers. The tech giant revealed the new bug bounty program on Tuesday. The scheme, which is launching as a private bug bounty, is tailored specifically for HP printer hardware. While many of us use home printers simply for printing the occasional document or photo, in the enterprise, these devices are often found in a network. If there is a weak link in business networks, a single device -- whether it be a printer or smart air conditioning system -- can be exploited to compromise a wider network system.
Printers, especially if they are overlooked when it comes to firmware updates or upgrades, can become such avenues to exploit. According to research undertaken by Bugcrowd, "2018 State of Bug Bounty Report," endpoint devices are becoming a tantalizing target for threat actors, with a 21 percent increase in total endpoint bugs reported over the past 12 months. In partnership with bug bounty platform Bugcrowd, HP says it is the "only vendor" to launch a printer-only vulnerability disclosure scheme. Under the terms of the program, researchers can earn between $500 and $10,000 per legitimate find.
I hacked my last printer (Score:3)
I think it was a HP one too.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
$10K to cut off 3rd party ink hacks is good spendi (Score:3)
$10K to cut off 3rd party ink hacks is good spending.
Re: (Score:2)
I don't think this is the case. It is more like $10K to show how woefully inadequate printer security is, so you have to buy a whole new printer that is up to last year's standards, that are already obsolete.
Re: (Score:2)
Interestingly the last HP advert I saw about printers directly talked about security risks that are network attached printers. It seems HP may be the only company that is at least giving this space some thought.
Not that I think they have coders capable of making secure printers, but they are giving it some thought.
Opposite is true for me... (Score:2)
$10K to cut off 3rd party ink hacks is good spending.
I picked up an HP office jet 476dx and I bought 3rd party inks.... and the printer gave some generic error and refused to use the cartridges.
Then I updated the firmware to HP's latest, and I could use the inks.
The point is that they shipped a printer that couldn't use third party inks, and then were guilted or otherwise moved to update the firmware to allow them. The printer now works fine with 3rd party inks that cost 1/4 what HP charges, and I only have to tolerate the printer bitching a bit when I replac
HP Instant Ink (Score:3, Insightful)
This is probably to "secure" HP Instant Ink, which monitors your printer so you can give an unlimited amount of money to HP, for ink refills.
It's basically the renting models for printers, except you pay for the printer, pay for the ink, pay to be monitored, and pay either per page, or per month.
The best part is, when the printer dies, you also get to pay for the recycling!
HP can also help you, by automatically sending you relevant ads, on the printer you paid for, with the paper you paid for, with the ink you pay for, with the electricity you pay for, and you compensate HP for this by letting them have access to your printing data and network!
Re: (Score:1)
HP can also help you, by automatically sending you relevant ads, on the printer you paid for, with the paper you paid for, with the ink you pay for, with the electricity you pay for, and you compensate HP for this by letting them have access to your printing data and network!
A friend has one of those HP ink jet scanner combos. It has a smartphone like touch screen display with ads all over it. Unbelievable.
Re: (Score:2)
Never mind.
I had some HP printers once, a long time ago. They were such POS that I swore I'd never buy another. And I never have.
I'm with you on this, except I have a Brother now. I gave up on HP when the "replacement" printer they sent me was a refurbished one that normally comes with a 90 day warranty. Well I had 5 months left and, you guessed it, the refurbished one broke too. When I called them, they tried to claim I only had a 90 day warranty and that had expired.... Well, to make a really long story involving phone trees, cussing and legal threats short, they sent me a second refurbished printer, which died just after the 1
Re: (Score:2)
They don't work that great with Windows either, natch.
Re: (Score:2)
Don't feel so special, the main difference between you and a Windows user is that you didn't waste half a day trying to install the drivers, and another half day trying to undo the damage they did to your system.
Wow (Score:1)
Yellow dots (Score:2)
Does removing the yellow dots that identify which printer a document came out of count?
Re: (Score:2)
Does removing the yellow dots that identify which printer a document came out of count?
My first thought. This can be used to identify a person of a company to exploit.
i have to hack mine every day (Score:2)
So my computer or iphone can find it. My HP printer is a shit printer.
I should submit a bug for my LaserJet II (Score:2)
Epson (Score:2)
Ecotank.
Easy (Score:4, Funny)
Sincerely,
-Paul Christopher Loadletter
Re: (Score:2)
I thought it was "); DROP DATABASE USERS;
I am not yelling you stupid filter, I am writing sql.
Re: (Score:1)
Would never use a HP (Score:4, Funny)
I remember fondly a long time ago, when one employee brought his private first HP color printer to his office and installed it on his machine.
The install process replaced the print queue and it began immediately checking the company network for all printers that might be out of paper or ink, all over the world, from the US, to Europe, India and Japan.
After an hour it had consumed all the bandwidth available polling 10-15000 printers and the network broke down.
It was fun working IT those days.
Re: (Score:2)
"Anyway, I'm going to let the joke fly over my head and suggest that your company's network design was more to blame than the printer or its clueless owner."
You were not born yet, or we would have hired you then.
Remembering the old ones (Score:2)
Re: (Score:2)
Always wanted a pen plotter back then.
Now, I don't think the ports, drivers, or the ink pens still exist...
Not my printer (Score:2)
My printer is a lj2300 with a jetdirect card which has well-known vulnerabilities which hp has decided not to fix. This is just pretense at caring about security, they don't actually give one shit.
Re: (Score:2)
It's actually wired vulnerabilities, but still lame. Odds are I will end up recycling it anyway because it has multiple feed problems and I just don't print much any more and can't justify the space it takes up, let alone the time to troubleshoot.
How can you even tell? (Score:2)
How can you even tell if your printer has been hacked or whether it's just HP's amazingly crappy drivers, software, and firmware?
We've got two at work that are constantly breaking on their own. They'll mysteriously go to sleep and never wake up (yes, we disabled going to sleep). They'll stop responding and need to be hard power cycled by yanking the cord. The software is an astoundingly giant pile of crap (about a gig worth) that doesn't seem to do anything useful except burn 20% cpu. I know how to drop
Anyone still using HP printers? (Score:2)
Re: (Score:2)
On Fedora, I have been using HP All-in-One printer/fax/copier/scanners that cost less than $100. They tend to last for a few/several years. I don't do wireless; it is plugged into a USB port.
I just have to ensure I include the required packages and it just works...
hplip hplip-common hplip-libs libsane-hpaio sane-backends-drivers-scanners xsane
stuxnet anyone? (Score:1)
Sheeet.... (Score:2)
"Sheeet, ain't much point in hacking your printer unless it lets you print out your own ten grand."
-above-average intelligence Texan/genius-level Okie
The $10,000 is payable in... (Score:2)
Print cartridges (remanufactured) and photo paper for your printer. Enough for 500 pages.
Re: (Score:2)
Now, now, don't get greedy.
Why bother? (Score:2)
The average HP printer goes dead after no longer than a year anyway. It's a futile task to try to hack them, by the time you're done, it probably croaks anyway.
Not about their Desktop Range (Score:2)
This is in regards to their Multifunction Enterprise copiers (Futuresmart 4). They run embedded linux, export a SOAP sdk for remote coding, embedded applications and authentication.
Epson doesn't need to be hacked (Score:1)
Dangles $10K reward, gives $500 (Score:1)
This is somewhat similar to the "please fill out this 10-page survey, and you have the chance to win $20K!", except that no one ever wins anything.
documentation (Score:2)
Re: (Score:1)
do the bugs really matter (Score:1)
10K? That's almost enough for a legit ink refill! (Score:2)
brings back memories (Score:2)
And I also wrote a program to simulate a dirty mouse (back when they had balls). Gave it to one of the IT guys and we heard th