The Federal Trade Commission announces:
The Federal Trade Commission (FTC) is hosting a prize competition that challenges the public to create a technical solution ("tool") that consumers can use to guard against security vulnerabilities in software found on the Internet of Things (IoT) devices in their homes.
The tool would, at a minimum, help protect consumers from security vulnerabilities caused by out-of-date software. Contestants have the option of adding features, such as those that would address hard-coded, factory default or easy-to-guess passwords.
The prize for the competition is up to $25,000, with $3,000 available for each [of three] honorable mention winner(s).
However, not only do the gov't workers not put ALL of the details on ONE page like people with normal intelligence, you also can't see the part of the page that contains the Registration and Submission link unless you have JavaScript enabled.
In their coverage, El Reg notes:
Anyone who gets a genuinely good solution to this stuff won't need the $25,000 for long: they'll be scooped up by Silicon Valley in less time than it takes to say "elevator pitch".
Submissions for the [FTC] contest open on March 1, 2017 and close on May 22, 2017. Winners will be announced on July 27, 2017.
They also have a not-exactly-short list of IoT stuff that has already been pwned or has shipped with insecure configurations.
We can probably all agree that the current situation with insecure devices that can be hijacked and used as bots is unsatisfactory, but has anyone got any suggestions that would still enable a company to market secure devices while keeping the costs at a reasonable level?
(Score: 1) by khallow on Saturday January 07 2017, @01:37PM
(Score: 1) by RS3 on Saturday January 07 2017, @05:36PM
I think this is a seriously good idea. You could run into a problem if the device has some degree of security, for instance much of the boot code and config. data are in ROM or a well-protected read-only filesystem. You would not be able to make changes. If you try to kill the running network processes, they would restart automatically. If you can get into RAM (which is how most malware works) you could bugger the networking stuff, but again, some kind of internal self-check routine could restart processes or reboot the whole thing.
Also, a well-designed malware bot could wall itself in, fixing/blocking whatever holes it found, stopping your worm.
But it could help in a lot of cases.