The US Federal Trade Commission has launched a new competition to increase the level of security in IoT products.
Dubbed the IoT Home Inspector Challenge, the federal agency is challenging the public to create a tool that consumers can use to guard against security vulnerabilities in software found on Internet of Things (IoT) devices in their homes.
It said on its website, that such a tool would at a minimum, help protect consumers from security vulnerabilities caused by out-of-date software. Contestants have the option of adding features, such as those that would address hard-coded, factory default or easy-to-guess passwords.
Submissions should also address how the tool will avoid or mitigate any additional security risks that the tool itself might introduce into the consumer’s home by, for example, probing the home network or facilitating software upgrades.
Any tool submitted must also be a technical solution rather than a policy of legal one, the FTC said. Also, the competition does not require a fully functional prototype. “The contestant can make a prototype or use mock-ups or other means to show in the video how the tool would work,” said the FTC.
IoT vendors responsible for security failings
Pascal Geenens, Radware’s EMEA security evangelist, told Internet of Business that, according to his firm’s research, some 69 percent of consumers already hold device manufacturers responsible for making sure devices in consumers’ homes can’t be manipulated by hackers to launch attacks against others.
“Manufacturers deserve the pressure that is being put on them. These devices often use factory default credentials, have root passwords that can’t be changed, and have Telnet or SSH enabled, the devices are essentially Trojans with a secret backdoor. And when many manufacturers source their boards and software from the same sources, it creates vast numbers of devices easily compromised,” he said.
Ryan Lester, director of IoT Strategy at Xively by LogMeIn, told IoB that IoT comes with a whole new set of security challenges and product companies must ensure that security is purpose-built for the IoT and that it is entrenched in every aspect – infrastructure, apps, connections, etc.
“Product companies also need to avoid security shortcuts, such as embedded private keys and weak authentication, which can speed up the development phase but can be quite risky and negatively affect consumer confidence in the long term. A thorough evaluation of the security implications will ultimately save time and cost of flaws discovered down the road. The consequences of which can be financially debilitating and long-lasting,” he said.
The prize for the competition is up to $25,000, with $3,000 available for each honorable mention winner(s). Winners will be announced on or about July 27, 2017. The competition is only open to citizens or permanent residents of the US.