The FTC’s Internet of Things (IoT) Challenge

One of the biggest cybersecurity stories of 2016 was the surge in online attacks caused by poorly-secured “Internet of Things” (IoT) devices such as Internet routers, security cameras, digital video recorders (DVRs) and smart appliances. Many readers here have commented with ideas about how to counter vulnerabilities caused by out-of-date software in IoT devices, so why not pitch your idea for money? Who knows, you could win up to $25,000 in a new contest put on by the U.S. Federal Trade Commission (FTC).

Electronics giant LG said at the Consumer Electronics Show (CES) today that all of its devices from now on will have Wi-Fi built in. Image: @Karissabe

Electronics giant LG said today at the Consumer Electronics Show (CES) that all of its appliances from now on will have Wi-Fi built in and be connected to the cloud. Image: Mashable

The FTC’s IoT Home Inspector Challenge is seeking ideas for a tool of some sort that would address the burgeoning IoT mess. The agency says it’s offering a cash prize of up to $25,000 for the best technical solution, with up to $3,000 available for as many as three honorable mention winner(s).

The FTC said an ideal tool “might be a physical device that the consumer can add to his or her home network that would check and install updates for other IoT devices on that home network, or it might be an app or cloud-based service, or a dashboard or other user interface. Contestants also have the option of adding features such as those that would address hard-coded, factory default or easy-to-guess passwords.”

According to the contest’s home page, submissions will be accepted as early as March 1, 2017 and are due May 22, 2017 at 12:00 p.m. EDT. Winners will be announced on or about July 27, 2017.

I’m glad to see the FTC engaging the public on this important issue. Gartner Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected each day, Gartner estimates. If only a fraction of these new IoT devices are shipped with sloppy security defaults — such as hard-coded accounts and passwords — the IoT problem is going to get a lot worse in the coming years.

https://krebsonsecurity.com/feed/