The U.S. Federal Trade Commission has announced a "prize competition" for creating a software or hardware-based solution with the ability to auto-patch vulnerable Internet of Things (IoT) devices.
Today we are surrounded by a number of Internet-connected devices. Our homes are filled with tiny computers embedded in everything from security cameras, TVs and refrigerators to thermostat and door locks.
While IoT is going to improve life for many, the number of security risks due to lack of stringent security measures and encryption mechanisms in the devices have increased exponentially, giving attackers a large number of entry points to affect you in some or the other way.
Remember Mirai Botnet?
A botnet of just 100,000 hijacked IoT devices was used to flood the Dyn DNS service with unwanted requests and close down the Internet for Millions of Users a few months ago.
At that time, Chinese firm Hangzhou Xiongmai Technology admitted its smart products – DVRs and internet-connected cameras – were inadvertently misused to launch the massive DDoS attack against Dyn.
Later, the Chinese firm rolled out patches for security vulnerabilities found in its IoT products, but due to hard-coded passwords and the fact that their makers implemented the devices in a way that they cannot easily be updated, the firm recalled some of its products.
The manufacturers sell IoT devices with no mechanism in place for automated patch updates and therefore, effective patch deployment is a big problem for IoT devices.
This leaves their consumers with unsupported or vulnerable internet-connected devices shortly after purchase. A huge number of devices rely on weak and simple password 1234, hardcoded password, backdoors, insecure protocols.
Now, in an attempt to find a solution that can be used against security vulnerabilities in IoT systems, the U.S. Federal Trade Commission has announced a "prize competition" for public, Computerworld reports.
The good news is you can earn up to $25,000 for a technical solution (tool) that "consumers can deploy to guard against security vulnerabilities in software on the Internet of Things devices in their homes."
The FTC is looking for a tool that could be used to perform automatic software updates for Internet-connected devices and up-to-date physical devices as well; wherein some will automatically update while others require users to adjust one or more settings.
The winning tool could be a physical device, an app or a cloud-based service that, at a minimum, will "help protect consumers from security vulnerabilities caused by out-of-date software," said the FTC.
The FTC will announce the winners in July. This new announcement is scheduled to be published Wednesday in the Federal Register.