MITRE announces winner of IoT security challenge
A team lead by a hardware engineer from Roswell, Georgia, has won the $50,000 prize in the MITRE Corp.’s Internet of Things security challenge by figuring out how to identify connected devices on a home network just from their radio traffic.
The team, which called itself 0xDEADBEEF, was put together and led by Duncan Thompson, an engineer for Ciena who works on verification for optical networking switches, MITRE said in a release.
Thompson is a graduate of Georgia Tech and learned about the challenge from media reports. He told MITRE he decided to give the challenge a shot “driven by curiosity.”
The runners up were:
- Pulzze Systems, an IoT start-up company from Silicon Valley that develops end point detection, entity recognition, and service interaction technology for IoT systems.
- Tietronix, a small IoT company located in Houston that specializes in software development, IT security, training and simulation.
Since it was launched in October, 130 teams from all over the world took part in the challenge, which was run on a model home network built by MITRE engineers.
IoT devices like DVRs and webcams — their firmware preloaded with standard passwords — were compromised on a global scale for two massive DDoS attacks last year. Fixing such devices — what system administrators call mitigation — requires knowing exactly which ones are connected where. But even professional network administrators often struggle with cataloging which devices are on their network in the first place.
Contestants were sent a series of short radio frequency recordings of the model home environment, each one containing a wide array of interconnected devices — with changes made to the network over time.
Using just those recordings, contestants had to identify the devices on the network, and figure out from subsequent recordings what changes — if any — have been made.
MITRE says it launched the challenge “to help government agencies, industry, and individuals reap the benefits of the IoT technological evolution—while minimizing the risks.”