On the weekend of August 7 to 10, at DEFCON 22 in Las Vegas, hackers will take to the conference floor in one of the event’s first vulnerability vaulting competitions, which will pit researcher against researcher in a bloody battle to the finish to see who can crack the most routers with the most vulnerabilities at once.
Playfully christened SOHOplessly Broken, the event is the culmination of a close collaboration between security professionals at Independent Security Evaluators (ISE) and the Electronic Frontier Foundation, who have been ruthlessly attacking both Washington and ISPs for their lackluster dedication to keeping the open web free of threats in their hunt for surveillance techniques and privacy-busting supremacy.
ISE has been on the scent of these types of cracks for years, and was able to expose a range of holes in 16 of the most popular consumer routers in 2013 alone just by running simple tests on their architecture. These are holes that the companies who manufacture the routers shouldn’t have needed more than a few engineers to discover on their own.
“Despite abundant research and evidence that SOHO (small office/home office) devices are highly vulnerable to malicious compromise, the vulnerable trends continue,” the groups wrote on the competition website. “Our hope is that this contest sheds light on the need for manufacturers to better secure these devices by shining a spotlight on them.”
For part one of the two-part engagement, hackers must devise their own zero-day vulnerabilities that could be applied across a variety of platforms such as routers, internal networking hardware, and mobile Wi-Fi hotspots like those provided by cell phone carriers such as Verizon, T-Mobile, and AT&T.
The second portion of the gathering will be slightly more light-hearted in nature, acting as a sort of “capture the flag” style relay race that will pit two collections of engineers against a series of routers, as they attempt to crack each one faster than the other in an all-out sprint to the finish line. As each router falls, a baton is passed from one member of the team to the next until every objective is cleared and a winner is declared at the podium.
Competitions like these have proven themselves a highly effective way to rid the net of some of the hardest-to-scrub bugs. Unlike regular bug bounties provided by the companies at risk, which can be paltry at best, centralized prize pools like those seen at similar gatherings like Pwn2Own and PACWest can often reach into the millions of dollars, enticing top talent from around the country to try their hand at some of the most difficult-to-crack puzzles in the security world.
The company behind the bandwidth brawl spoke optimistically about the upcoming event on its website, but was careful to add that while it enjoys the sportsmanship involved in these types of contests, it also hopes for a day when they will no longer be necessary to ensure the safety of the Internet and all those who inhabit it.
“From shoddy code to blatant backdoors, the excitement never seems to end — though, we’d like it to.”