Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
HP will launch a hacking contest where participants will be awarded for compromising mobile devices.
Based on the Pwn2Own contest, which is held at the CanSecWest conference in Vancouver, this will be held at EUSecWest in Amsterdam in September.
HP said that this will be specifically geared at the mobile device industry, with prizes of up to $US200,000 offered to the first researcher in each category to successfully compromise a device via a mobile web browser, Near Field Communication (NFC), SMS cellular baseband.
HP said that the primary goal is to demonstrate the current security posture of the most prevalent mobile technologies in use today, and competitors will be able to use a radio frequency (RF) enclosure to conduct the ‘attacks' without violating local laws.
To enter, contestants can pre-register by email at zdiAThp.com. On-site registration will still be available if the targets have not been compromised and if the required hardware and software prerequisites are available. Each contestant will have a 30-minute time slot in which to complete their attempt (not including time to set up the network or device prerequisites).
A successful attack against these devices must require little or no user interaction and must compromise or exfiltrate useful data from the phone. Any attack that can incur cost upon the owner of the device (such as silently calling long-distance numbers, eavesdropping on conversations and so forth) is within scope.
To avoid interfering with licensed carrier networks, all RF attacks must be completed within the provided RF isolation enclosure and the vulnerabilities utilised in the attack must be a zero-day.
ZDI (Zero Day Initiative) reserves the right to determine what constitutes a successful attack and all vulnerabilities revealed by contest winners will be disclosed to affected vendors through HP's Zero Day Initiative.
Winners will receive the device itself, a BlackBerry PlayBook courtesy of RIM and the prize money is $US100,000 for the cellular baseband compromise; $US40,000 each for the SMS and NFC compromises and $US20,000 for the mobile web browser attack.
Also awarded is 20,000 ZDI reward points, automatically qualifying the winner for silver standing, to include a one-time $US5,000 cash payment, 15 per cent monetary bonus on all ZDI submissions over the next calendar year, a 25 per cent reward point bonus on all ZDI submissions over the next calendar year and paid travel and registration to attend the 2013 DefCon in Las Vegas.
This article originally appeared at scmagazineuk.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.
