The Internet of Things isn't exactly a secure platform: Baby monitors, Wi-Fi routers, and refrigerators can expose homeowners to malicious attacks.
But while industry giants fight for better safeguards, the government is turning to its constituency to help save the day.
The Federal Trade Commission invites members of the public to create a technical solution to protect consumers and their homes from IoT security vulnerabilities. In return, there's cash on offer.
Submissions to the IoT Home Inspector Challenge must provide a technical solution (as opposed to a policy or legal fix), that works on existing devices and protects information collected "in transit and at rest."
The tool could be a physical device, an app or cloud-based service, or user interface. According to the Challenge website, it would, "at a minimum, help protect consumers from security vulnerabilities caused by out-of-date" software and firmware.
Proposals should address how the tool "will avoid or mitigate any additional security risks that [it] might introduce into the consumer's home," the FTC's criteria summary said. Submission should include an abstract (a title and brief description), short video demonstration (via YouTube or Vimeo), and detailed written explanation of the tool.
Five judges will assess each entry based on how well it works (60 points out of 100 total score), how user-friendly it is (20 points), and how scalable it is (20 points). For an additional 10 points, folks can address other ways to help guard against broader IoT security vulnerabilities.
Related
- DDoS Attackers Exploited Insecure IoT Gadgets From Chinese CompanyDDoS Attackers Exploited Insecure IoT Gadgets From Chinese Company
Ideas will be accepted until 12pm Eastern on May 22. For more information on the judges and the complete rules, visit the FTC's Challenge website.
Prize winners can earn up to $25,000 for their idea; $3,000 will be available for each honorable mention; the FTC expects to announce victors in July.
The Broadband Internet Technical Advisory Group in November published a plan to help boost the security of the millions of devices that make up the IoT. Google, T-Mobile, Cisco, and several other tech companies called for a major shift in the way manufacturers approach security: They should be "restrictive instead of permissive," the advisory group said. So, instead of automatically allowing Internet traffic—in some cases without a password or firewall—IoT devices of the future should be inaccessible to inbound connections by default.