Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

Press Releases

October 1, 2020 | ChannelPro

HP Expands Bug Bounty Program to Validate Office-Class Ink and Toner Cartridge Security

Challenges Ethical Hackers to Identify Security Vulnerabilities and Risks

News Highlights:

New Bug Bounty program aims to identify potential risks in office-class print cartridges
Ethical hackers have an opportunity to discover vulnerabilities in the interfaces between the printer and HP Original Ink and Toner cartridges
HP will award up to $10,000 for vulnerabilities discovered
Underscores HP’s continued commitment to engineer the world’s most secure printing systems1

Today, in recognition of Cybersecurity Awareness Month (U.S.), HP Inc. (NYSE: HPQ) announced it has expanded its Bug Bounty program to focus specifically on office-class print cartridge security vulnerabilities. The program underscores HP’s commitment to delivering defense-in-depth across all aspects of printing—including supply chain, cartridge chip, cartridge packaging, firmware and printer hardware.

As part of this program, HP has engaged with Bugcrowd, a leading crowdsourced cybersecurity company, to conduct a three-month program in which four professional ethical hackers have been challenged to identify vulnerabilities in the interfaces associated with the HP Original print cartridges. If any of the hackers are successful, HP will award up to $10,000 USD per vulnerability.

“Bad actors aiming to exploit printers with sophisticated malware pose an ever-present and growing threat to businesses and individuals alike,” said Shivaun Albright, HP Chief Technologist for Print Security. “Security features need to go beyond the hardware and include the cartridge for an end-to-end secure system that protects your network and information. HP is committed to staying ahead by expanding our Bug Bounty Program and hiring some of the brightest cybersecurity experts across the globe to help us uncover potential risks so they can be fixed before any harm is done.”

Over the past few years, there’s been a rise in attacks of embedded system technologies, which are often shared across connected devices and include PC firmware/BIOS as well as printer firmware. Quocirca’s Print Security 2019 report2 revealed that 59 percent of businesses reported a print-related data loss in the past year. COVID-19 has only added new complexities, as many employees increased their remote printing practices, triggering even more potential vulnerabilities for their employers.

“Cyber breaches have increased in volume, complexity and impact, extending to embedded systems,” said Ashish Gupta, CEO of Bugcrowd. “This bug bounty program gives HP the ability to stay ahead of attacks with access to researchers that are experts in printing technology. We have worked with HP for several years and are excited to serve as a force multiplier in their security strategy.”

HP had engaged in Bug Bounty programs over the years to complement and extend the company’s own rigorous penetration testing. While ethical hacking is a widespread practice throughout the technology industry, HP has been a pioneer in expanding this program to printers, an oftentimes overlooked attack vector. For example, in 2018, HP launched the industry’s first print security Bug Bounty Program.

“HP has been a leader in print security for many years now, establishing new industry cybersecurity standards and garnering praise from third-party security testing labs for having some of the most secure printers,” said Mark Vena, senior analyst, Moor Insights & Strategies. “Leadership in this area, particularly focused on secure hardware features and a firmware-based approach with imaging devices, could not come at a better time.”

In our increasingly connected world, any connected device can become an avenue of attack for hackers. Keeping up requires continuous investment and dedicated research. That’s why HP is committed to pursuing focused and rigorous testing, both internally and with third parties, to better protect its customers and partners. For more information on the threat landscape, the size of the problem and HP’s strategy to ward off potential threats, visit Is Your Printer The New Trojan Horse from Moor Insights & Strategies and HP Office Cartridge Security Printing: Security from Start to Finish from Keypoint Intelligence/InfoTrends.

About HP Inc.
HP Inc. (NYSE: HPQ) creates technology that makes life better for everyone, everywhere. Through our product and service portfolio of personal systems, printers and 3D printing solutions, we engineer experiences that amaze. More information about HP Inc. is available at www.hp.com.

©Copyright 2020 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

 

____________
1 HP’s most advanced embedded security features are available on HP Managed and Enterprise devices with HP FutureSmart firmware 4.5 or above. Claim based on HP review of 2019 published features of competitive in-class printers. Only HP offers a combination of security features to automatically detect, stop, and recover from attacks with a self-healing reboot, in alignment with NIST SP 800-193 guidelines for device cyber resiliency. For a list of compatible products, visit hp.com/go/PrintersThatProtect. For more information, visit hp.com/go/PrinterSecurityClaims.
2 Quocirca’s Global Print Security Landscape, 2019 report, February 2019 https://h20195.www2.hp.com/v2/getpdf.aspx/c06274488.pdf


Editor’s Choice

MSP360 Bolsters Managed Backup Solution With Full Sharepoint Backup and Restore, Object Lock, and More

March 25, 2024 |

MSP360 CEO Brian Helwig details the latest improvements in its managed backup solutions and teases some new opportunities down the road for its partners in an exclusive ChannelPro interview.

Peer to Peer: Aurora’s Philip de Souza shares his secrets to creating a successful MSSP

March 19, 2024 | Philip de Souza

“It’s important that we understand when it comes to this whole MSP world that it’s all about the customer.”

Evolving State AI Regulations: Best Practices for Mitigating Risk

March 14, 2024 | Anurag Lal

While AI technologies can unlock tremendous business value, they also have potential risks.


Related News

Growing the MSP

Explore ChannelPro

Events

Reach Our Audience