Not-for-profit offering $50,000 to identify rogue IoT devices

12 Oct 2016

IoT concept. Image: Karashaev/Shutterstock

A not-for-profit organisation is offering a cash prize of $50,000 to groups that can help it – and the industry as a whole – quickly identify rogue IoT devices and separate them from genuine, safe ones.

Many groups and internet evangelists prophesy a bright future: an internet of things (IoT) world where every device is connected and communicating for the greater good.

But the reality is that if thousands – or even millions – of devices are connected together, one rogue product could be enough to take down an entire network.

This possibility makes it crucial to secure the networks that control power grids or smart cities before they can become a standard technology in societies, in the same way that electricity is today.

To that end, the US not-for-profit group Mitre – an organisation that tries to find solutions to issues such as cybersecurity, healthcare and defence – has launched the Unique Identification of IoT Devices Challenge.

The aim of the challenge is to find teams that can identify non-traditional approaches for targeting rogue IoT devices on a network with many of its clients.

IoT vulnerabilities remain

Mitre will provide a test-bed home network on which teams can trial their detection methods. It will incorporate a variety of readily available items, possibly including a Wi-Fi-activated kettle.

“We believe that the identification techniques that prove effective in a home system will translate to industrial, healthcare, military, smart city, and other IoT networks,” Mitre said of the challenge.

For their efforts, a team that can successfully find the ‘fingerprint’ of a rogue device on a network can win up to $50,000 and the possibility of a lucrative contract with the US government, one of the organisation’s clients.

One of the latest worries for IoT developers, according to ZDNet, has been the rising number of IoT attacks using a 12-year-old vulnerability in OpenSSH, commonly known as SSHowDowN attacks.

Much like the devastating DDoS attack against the Krebs on Security blog, this vulnerability remains despite the fact that it can be used to issue remote and devastating DDoS attacks.

Colm Gorey was a senior journalist with Silicon Republic
