MITRE Offers Up Fat $50K Bounty To Fingerprint Hacked Rogue IoT Devices
We've talked a lot about IoT devices here at HotHardware, but over the past year, it's become increasingly clear that we have to be careful with how we roll out new devices. Companies are leading us on to believe that in the future, the world will simply be blanketed with IoT devices everywhere. We see that as a potentially major security risk.
Our simple IoT devices could become part of a DDoS network, and we'd not even know it. Bear in mind that it was a mammoth cluster of IoT devices that helped bring an unprecedented deluge of traffic towards Brian Krebs' website last month. And, as if we needed that kind of attack to persist, the source code for the software that took down Krebs' website has since been leaked to the wild.
It's probably safe to say that any doubt regarding the insecurity of IoT devices has been squashed, so what to do next? Most of the world's first IoT devices didn't follow established guidelines, so how could they be scanned on a network? That's what MITRE wants to know.
MITRE, a non-profit research and development firm, has just offered up to $50,000 to anyone who can create a solution that could seek out rogue IoT devices on a network. Again, remember that most IoT devices are not going to respond to pings the same way or give off the same kind of signals, so actual detection of these devices might not be so simple. However, it's incredibly important that such solutions do exist, or else people - and even companies or the government - could find out the hard way that they have insecure IoT devices on their network.
The premise of the competition is simple, but the solution might not be. MITRE welcomes anyone and everyone who thinks they can solve this problem to join in, whether you're an individual or part of a college team. It's important to note that all of your IP will remain your own; MITRE is merely encouraging participants to find solutions right now, before the need becomes even greater.
If you're interested, you will have to register at the URL below. That will include choosing a team name, contact name, and other simple information. Through October and November, MITRE will send audio files of short-radio frequency recordings, which will encompass a series of tests to see if participants can identify various devices on the network. At the end of December, a winner will be announced. Let's hope that by that point, a bullet-proof solution will be announced.