Put walls around home Things, win $25k from US government
Calling 'tinkerers and thinkers'
America's Federal Trade Commission has kicked off a challenge to see who can come up with good ideas for securing the Internet of Things.
While the US$25,000 top prize will probably end up in the pocket of an infosec pro, the FTC interestingly says it's interested in hearing from “tinkerers” and “thinkers” as well as from entrepreneurs. There are three “honourable mention” prizes on offer at $3,000 each.
“The tool would, at a minimum, help protect consumers from security vulnerabilities caused by out-of-date software. Contestants have the option of adding features, such as those that would address hard-coded, factory default or easy-to-guess passwords”, the FTC's Iot Home Inspector Challenge page says.
Individuals or teams of individuals can compete, but they can't be acting on behalf of companies.
It's a wonderfully-rich field to plough. Merely checking The Register's archives – and we can't claim to have covered every single Internet of Things vulnerability – reminds us that:
- The Mirai botnet proved a simple but effective way to exploit bad defaults on DVRs;
- Webcam vendors notified of vulnerabilities in 2014 still hadn't patched by December 2016. In fact, "vendors don't patch" is a catch-cry reaching from light bulbs to auto-tellers;
- Vendors keep shipping products with default credentials. Sony, Edimax, Cisco, D-Link, ASUS and Fortinet were among a very long list pinged in 2016 alone;
Anyone who gets a genuinely good solution to this stuff won't need the $25,000 for long: they'll be scooped up by Silicon Valley in less time than it takes to say "elevator pitch".
Submissions for the FCC contest open on March 1, 2017 and close on May 22, 2017. Winners will be announced on July 27, 2017. ®