Security News > 2020 > October > HP Offering Big Rewards for Cartridge Vulnerabilities
HP announced on Thursday that it has expanded its bug bounty program, inviting several white hat hackers to find vulnerabilities in its office-class ink and toner cartridges.
The program is private and only four researchers have been invited to find vulnerabilities in original HP cartridges.
HP has been running a bug bounty program for its printers since 2018 - the company claimed at the time that this was the industry's first printer bug bounty program.
"While the industry has become sophisticated at spotting and blocking software-based intrusions, the same can't be said for hardware. In fact, it is well understood in the IT industry that counterfeit hardware can become the source of hardware-based exploitation," said Shivaun Albright, chief technologist for print security at HP. HP says it has taken steps to prevent cartridge chips from being replaced or altered in the supply chain.
"Only Original HP cartridges contain a chip with HP proprietary firmware that is designed to be secure and resistant to tampering. Non-HP supplies include chips of unknown origin that may employ untrusted firmware," Albright explained.