Kaspersky Lab challenges whitehats to find flaws of IoT devices
Kaspersky Lab is inviting ethical hackers, known as whitehats, from across the world to test the security of smart devices and industrial systems as it launches its fourth international industrial Capture the Flag (CTF) security competition.
Any release of a new piece of technology is usually followed by waves of hacking attempts as cybercriminals search for vulnerabilities. But unlike blackhats who are looking to exploit systems and new technologies for illegal purposes, whitehats are working towards the prevention of criminal acts and their consequences. Once a vulnerability is found, whitehats hand their research directly to vendors so the software can be immediately patched.
Kaspersky Lab’s annual CTF competition gathers the most talented whitehats from all over the world to challenge their expertise with practical tasks. As all the participants are trying to resolve actual problems in cybersecurity rather than artificial scenarios, the impact of the findings will be significant and a number of previously unknown vulnerabilities and attack vectors will be discovered during the competition.
The teams participating in the competition will also be given an opportunity to demonstrate their skills in the finals at the Kaspersky Security Analyst Summit (SAS) in Singapore next year.
Prior to this, online qualifying rounds will be held on November 23-24, 2018. Participants will be asked to resolve different types of challenges, including questions and tasks in cryptography, reverse engineering, web-vulnerabilities, network protocols, and other popular task categories. There is also a fun segment, which will include unexpected and creative puzzles that require a holistic approach.
To ensure the competition represents a realistic environment, organizers will evaluate participants according to the factual difficulty of the tasks and uniqueness of the knowledge required to solve them. This is why the reward for each question will be evaluated in real-time and changed in accordance with the number of teams which managed to solve it. This means that puzzles solved by the largest number of participants will be worth the least points, while challenges that prove to be sophisticated enough to be cracked by only a few entrants will be more valuable.
The top three teams with the largest score will compete to be crowned the overall winner in April 2019 during the SAS event. All travel and accommodation expenses for the top three teams will be covered by Kaspersky Lab.
“We are surrounded by smart devices and rely on them in our everyday life more and more, while IoT malware grows and differentiates rapidly. This year’s competition could give us unique insights into the landscape of smart device security. To maximize the impact, we will try to make this year’s finals a bit different from previous ones, and the participants will face surprises, just like they would if they were trying to resolve cyberthreats in real life,” said Vladimir Dashchenko, Head of Vulnerability Research at Kaspersky Lab ICS CERT.
For more information and to register, the competition website is now up at http://ctf.kaspersky.com.