HP Will Pay Researchers $10,000 If They Can Hack Its Printers

July 31, 2018, 11:01 PM UTC
Technology Products - Studio Shoot
A HP TopShot LaserJet Pro M275 printer, March 25, 2012. (Photo by Jesse Wild/MacFormat magazine via Getty Images)
Jesse Wild—MacFormat magazine via Getty Images

HP is inviting researchers to hack their printers, and will pay them up to $10,000 if they succeed.

As security breaches have grown more commonplace in recent years, companies have taken to offering bug bounties, hoping that the community of security researchers can help spot vulnerabilities before nefarious hackers do. HP announced Tuesday a bug-bounty program that it says will be the first ever for the printer industry.

HP is working with Bugcrowd, a company offering crowdsourced security, to help manage to bounty program. Researchers who discover bugs in printers will notify Bugcrowd, which will verify them and offer awards of up to $10,000 depending on the severity of the security threats they pose.

Bugcrowd said it detected a 21% increase over the past year in security vulnerabilities in connected devices, including printers, laptops and smartphones.

“Companies, healthcare systems, governmental and educational entities have started to realize how real the threat is but resources are scarce and dwindling,” Bugcrowd said in a blog post announcing its 2018 Bug Bounty Report. “The number of vulnerabilities out in the wild is outpacing the ability to find and fix them.”

While many companies are focusing their network security efforts on servers and laptops, printers pose an often overlooked entry point into company networks. A report from German researchers last year looked at 20 printers from different manufacturers and found vulnerabilities in all of them. Those vulnerabilities can lead to printers being hijacked or revealing sensitive information.

HP is the leading manufacturer of printers, with about a 40% share of the worldwide market, according to IDC.