[Cs-contests] Fwd: CyberSEED 2015 - IoT Challenge

Sharon Goldberg goldbe at cs.bu.edu
Fri Sep 4 13:17:15 EDT 2015


---------- Forwarded message ----------
From: Cyber Seed <cyberseed at engr.uconn.edu>
Date: Fri, Sep 4, 2015 at 12:36 PM
Subject: CyberSEED 2015 - IoT Challenge
To: goldbe at cs.bu.edu


Dear Sharon Goldberg
------------------------------
------------------------------

*CyberSEED IoT Challenge*

Today's electronic systems are universal platforms that increasingly play a
role in our daily lives and have enabled previously unimaginable
applications such as the Internet of Things (IoTs). For instance, Comcast
is taking advantage of the enhanced capabilities of smart phones and
set-top boxes with apps that give users remote control of their home
appliances (lights, thermostat, etc.), the ability to monitor the location
<http://www.adweek.com/socialtimes/comcast-xfinity-home-security-includes-an-iphone-app/66796?red=st>
of other family members, and other capabilities. Since these IoT devices
are going to be embedded in our daily life, the security of these devices
must be iron-clad. However, as these devices are new and often not
"battle-tested", there are often vulnerabilities that can be exploited by
malicious hackers. Recent IoT hacks include the Nest Thermostat1
<#14f99377978682e2_fn1>, automobile insurance dongles2
<#14f99377978682e2_fn2>, and ZigBee Home Automation network3
<#14f99377978682e2_fn3>.

In the IoT Challenge, teams from universities around the world are invited
to probe an IoT device of their choice and present their findings at
CyberSEED. What private information can you glean from the device? Can you
exploit a vulnerability to gain control of the device or other devices on
the network? Does the device have hidden functionalities that you can
expose to give you access to enhanced services? Are there any safety
implications because of security holes in the device; e.g. disabling fire
alarms in a home?

Take a look at the OWASP IoT Top 10 Project
<https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project>
for some ideas on where to look for vulnerabilities.
*How do you participate?*
First, teams must submit a *letter of intent* to cyberseed at engr.uconn.edu
by September 15, 2015. This letter should contain the following information:

   - Description of device
   - Name of team
   - Expectations of security investigation

Teams should submit, by October 16, 2015, a report discussing their exploit
to the CyberSEED IoT challenge. The report should contain the following
elements:

   - Description of device
   - Discovered security vulnerabilities
   - Demonstrated exploits based on vulnerabilities
   - Impact of exploits -- financial, safety, privacy, etc.
   - Suggested mitigations

Teams will then present their findings at CyberSEED 2015, at the University
of Connecticut, Storrs, CT, to a panel of judges. Travel and accommodations
will be provided to all attending participants. Further prizes will be
awarded at CyberSEED for the best papers and presentations.

Don't forget to sign-up for any of the CyberSEED 2015 competitions (CTF,
Social Engineering, IoT). Passes are limited and available on a first-come,
first-served basis, so make sure to register
<http://www.csi.uconn.edu/cyberseed/> today!
------------------------------
1.
https://www.blackhat.com/us-14/briefings.html#smart-nest-thermostat-a-smart-spy-in-your-home
↩ <#14f99377978682e2_ref1>
2.
http://www.wired.com/2015/08/hackers-cut-corvettes-brakes-via-common-car-gadget/
↩ <#14f99377978682e2_ref2>
3.
https://www.blackhat.com/us-15/briefings.html#zigbee-exploited-the-good-the-bad-and-the-ugly
↩ <#14f99377978682e2_ref3>



-- 
Sharon Goldberg
Computer Science, Boston University
http://www.cs.bu.edu/~goldbe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/cs-contests/attachments/20150904/8ff800d3/attachment.html>


More information about the Cs-contests mailing list