SoylentNews is people

posted by janrinok on Saturday January 07 2017, @06:27AM
from the something-desperately-needed dept.

The Federal Trade Commission announces

The Federal Trade Commission (FTC) is hosting a prize competition that challenges the public to create a technical solution ("tool") that consumers can use to guard against security vulnerabilities in software found on the Internet of Things (IoT) devices in their homes.

The tool would, at a minimum, help protect consumers from security vulnerabilities caused by out-of-date software. Contestants have the option of adding features, such as those that would address hard-coded, factory default or easy-to-guess passwords.

The prize for the competition is up to $25,000, with $3,000 available for each [of three] honorable mention winner(s).

However, not only do the gov't workers not put ALL of the details on ONE page like people with normal intelligence, you also can't see the part of the page that contains the Registration and Submission link unless you have JavaScript enabled.

In their coverage, El Reg notes

Anyone who gets a genuinely good solution to this stuff won't need the $25,000 for long: they'll be scooped up by Silicon Valley in less time than it takes to say "elevator pitch".

Submissions for the [FTC] contest open on March 1, 2017 and close on May 22, 2017. Winners will be announced on July 27, 2017.

They also have a not-exactly-short list of IoT stuff that has already been pwned or has shipped with insecure configurations.

We can probably all agree that the current situation with insecure devices that can be hijacked and used as bots is unsatisfactory, but has anyone got any suggestions that would still enable a company to market secure devices while keeping the costs at a reasonable level?


  • (Score: 1) by khallow on Saturday January 07 2017, @01:37PM

    by khallow (3766) on Saturday January 07 2017, @01:37PM (#450716)
    How about designing a worm that when it manages to break into a device disables the networking functionality that it used to get it. That way stuff that is properly secured works and stuff that isn't doesn't work.
  • (Score: 1) by RS3 on Saturday January 07 2017, @05:36PM

    by RS3 (6367) on Saturday January 07 2017, @05:36PM (#450774)

    How about designing a worm that when it manages to break into a device disables the networking functionality that it used to get it. That way stuff that is properly secured works and stuff that isn't doesn't work.

    I think this is a seriously good idea. You could run into a problem if the device has some degree of security, for instance if much of the boot code and config data are in ROM or a well-protected read-only filesystem. You would not be able to make changes. If you try to kill the running network processes, they would restart automatically. If you can get into RAM (which is how most malware works) you could bugger the networking stuff, but again, some kind of internal self-check routine could restart processes or reboot the whole thing.

    Also, a well-designed malware bot could wall itself in, fixing/blocking whatever holes it found, stopping your worm.

    But it could help in a lot of cases.