MITRE launches $50,000 challenge for IoT hackers
Non-profit research and development outfit MITRE Corp. is offering a $50,000 prize to security researchers who find new ways of detecting and fingerprinting IoT devices on a network.
“Network administrators need to know exactly what is in the … network — including when an adversary has switched out one device for another. In other words, is the smart thermostat we see today the same one that was there yesterday?” states MITRE in a recent notice.
“We are looking for a unique identifier or fingerprint to enable administrators to enumerate the IoT devices while passively observing the network,” the notice adds.
IoT devices like DVRs and their firmware preloaded with standard passwords, were compromised on a global scale for two recent massive DDoS attacks. Fixing such devices — what system administrators call mitigation — requires knowing exactly which ones are connected where. But many network administrators struggle with cataloging which devices are on their network in the first place.
The challenge will be run on a model home network built by MITRE engineers.
Contestant teams have to sign up in October and the challenge will open early next month. Registered contestants will be sent a series of “short radio frequency recordings of our home environment. Each recording will contain a wide array of interconnected devices with some changes made to the network over time.”
Using just the recordings, contestants have to identify the devices on the network, and figure out from subsequent recordings what changes — if any — have been made.
“We’re looking for a game-changing approach to identifying devices that would require no modification to the existing inventory, e.g., no change in protocols or manufacturing,” says MITRE.
Scores will be based on how many correct answers are submitted and how quickly. The scoreboard will be updated daily with team standings and the winner will be announced before the end of the year.
Would be contestants can sign up here.