Top Internet of Things Daily & Weekly

The FTC’s Internet of Things (IoT) Challenge — Krebs on Security

The FTC’s Internet of Things (IoT) Challenge  #cybersecurity #security

  • The solution to the internet of things is to develop another internet of things device that will come with it’s own set of security vulnerabilities.
  • The FTC puts the device on the internet and offers a bounty to anyone who can crack the device and provide details about how they did it.
  • Or be configured such that the end user MUST set a unique password before the device will function.
  • Any local user with physical access can reset or recover the device if needs be, most never will !
  • Any company that wants to sell a device in the U.S. has to send an example to the FTC.

One of the biggest cybersecurity stories of 2016 was the surge in online attacks caused by poorly-secured “Internet of Things” (IoT) devices such as Internet routers, security cameras, digital video recorders (DVRs) and smart appliances. Many readers here have commented with ideas about how to counter vulnerabilities caused by out-of-date software in IoT devices, so why not pitch your idea for money? Who knows, you could win up to $25,000 in a new contest put on by the U.S. Federal Trade Commission (FTC).

@moixsec: The FTC’s Internet of Things (IoT) Challenge #cybersecurity #security

One of the biggest cybersecurity stories of 2016 was the surge in online attacks caused by poorly-secured “Internet of Things” (IoT) devices such as Internet routers, security cameras, digital video recorders (DVRs) and smart appliances. Many readers here have commented with ideas about how to counter vulnerabilities caused by out-of-date software in IoT devices, so why not pitch your idea for money? Who knows, you could win up to $25,000 in a new contest put on by the U.S. Federal Trade Commission (FTC).

The FTC’s IoT Home Inspector Challenge is seeking ideas for a tool of some sort that would address the burgeoning IoT mess. The agency says it’s offering a cash prize of up to $25,000 for the best technical solution, with up to $3,000 available for as many as three honorable mention winner(s).

The FTC said an ideal tool “might be a physical device that the consumer can add to his or her home network that would check and install updates for other IoT devices on that home network, or it might be an app or cloud-based service, or a dashboard or other user interface. Contestants also have the option of adding features such as those that would address hard-coded, factory default or easy-to-guess passwords.”

According to the contest’s home page, submissions will be accepted as early as March 1, 2017 and are due May 22, 2017 at 12:00 p.m. EDT. Winners will be announced on or about July 27, 2017.

I’m glad to see the FTC engaging the public on this important issue. Gartner Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected each day, Gartner estimates. If only a fraction of these new IoT devices are shipped with sloppy security defaults — such as hard-coded accounts and passwords — the IoT problem is going to get a lot worse in the coming years.

Tags: Federal Trade Commission, FTC, Gartner Inc., internet of things, IoT, IoT Home Inspector Challenge, LG

This entry was posted on Wednesday, January 4th, 2017 at 12:56 pm and is filed under Other. You can follow any comments to this entry through the RSS 2.0 feed. You can skip to the end and leave a comment. Pinging is currently not allowed.

The solution to the internet of things is to develop another internet of things device that will come with it’s own set of security vulnerabilities. Does this sound like a real solution to the problem?

Here’s a novel idea.

Any company that wants to sell a device in the U.S. has to send an example to the FTC. The FTC puts the device on the internet and offers a bounty to anyone who can crack the device and provide details about how they did it. This information is provided to the vendor so they can plug the vulnerability. Until no one cracks the device for a specific period of time the vendor can’t sell the device in the U.S.

1st. Simple solution is to beat the bad guys to the punch. Have the various countries security authorities, run a combined IoT web crawler & change the username & password for every unsecure device they find. Thus is no longe ron defaults for the bad guys. Any local user with physical access can reset or recover the device if needs be, most never will !

2nd. Introduce worldwide (or local) sales legislation that every device should either be secure by design, or have to come with either an individual password, i.e. no default login credentials, sort of like a broadband router wifi key per device. Or be configured such that the end user MUST set a unique password before the device will function.

The FTC’s Internet of Things (IoT) Challenge — Krebs on Security

Comments are closed, but trackbacks and pingbacks are open.