FTC will pay you to build an IoT security checker

The Federal Trade Commission (FTC) wants the public to take a crack at developing tools to improve security around Internet of Things (IoT) devices.

Specifically, the FTC is hosting a competition challenging the public to create a technical solution that would, at a minimum, help protect consumers from security vulnerabilities caused by out-of-date software. Contestants have the option of adding features, such as those that would address hard-coded, factory default or easy-to-guess passwords.

The prize for the competition is up to $25,000, with $3,000 available for each honorable mention winner. Winners will be announced on or about July 27. The submission deadline is May 22 at noon Eastern Time.

Security experts have long predicted threats targeting everyday home devices connected to the internet. The threat was made plain last fall when Mirai malware was used to hijack internet-facing webcams and other devices into massive botnets that were then used to launch a coordinated assault against Dyn, one of several companies hosting the Domain Name System (DNS). That attack crippled such major sites as Twitter, PayPal, Netflix and Reddit.

For 2017, Sophos predicts a rise in threats against devices that are part of the IoT. James Lyne, global head of security research for Sophos, discussed the threat in a recent interview that aired on CNBC’s On the Money.

“The sharks have smelled the blood in the water and they’re now circling to use your IoT device for further attacks,” Lyne said.

Mirai’s attacks exploited only a small number of devices and vulnerabilities and used basic password-guessing techniques, Lyne said. But bad actors will find it easy to extend their reach because there are several IoT devices containing outdated code based on poorly maintained operating systems and applications with well-known vulnerabilities.

That being the case, he said to expect many more IoT exploits, better password guessing and more compromised IoT devices being used for DDoS or perhaps to target other devices hooked to larger networks.

If the FTC contest is any indication, the threat is now firmly on the mainstream radar.