
DARPA Announces First Bug Bounty Program to try to crack its new generation of super-secure hardware



About DARPA (Defense Advanced Research Projects Agency)

The Pentagon research agency that helped invent the internet and GPS is inviting hackers to find flaws in its new mega-secure hardware.
Electronic systems – from the processors powering smartphones to the embedded devices keeping the Internet of Things humming – have become a critical part of daily life. The security of these systems is of paramount importance to the Department of Defense (DoD), commercial industry, and beyond. To help protect these systems from common means of exploitation, DARPA launched the System Security Integration Through Hardware and Firmware (SSITH) program in 2017. Instead of relying on patches to ensure the safety of our software applications, SSITH seeks to address the underlying hardware vulnerabilities at the source. Research teams are developing hardware security architectures and tools that protect electronic systems against common classes of hardware vulnerabilities exploited through software.
Bug bounty programs are commonly used to assess and verify the security of a given technology, leveraging monetary rewards to encourage hackers to report potential weaknesses, flaws, or bugs in the technology. This form of public Red Teaming allows organizations or individual developers to address the disclosed issues, potentially before they become significant security challenges.
“The FETT Bug Bounty is a unique take on DARPA’s more traditional program evaluation efforts,” said Keith Rebello, the DARPA program manager leading SSITH and FETT. “FETT will open SSITH’s hardware security protections to a global community of ethical researchers with expertise in hardware reverse engineering to detect potential vulnerabilities, strengthen the technologies, and provide a clear path to disclosure.”
According to The Washington Post:
The Pentagon’s top research agency thinks it has developed a new generation of technology that will make voting machines, medical databases and other critical digital systems far more secure against hackers. Now, the Defense Advanced Research Projects Agency, which helped invent GPS and the Internet, is launching a contest for ethical hackers to try to break into that technology before it goes public. DARPA is offering the hackers cash prizes for any flaws they find using a program called a “bug bounty.”
The new technology is based on re-engineering hardware, such as computer chips and circuits, so that the typical methods hackers use to undermine the software that runs on them become impossible. That’s far different from the standard approach to cyber security, in which tech companies release a never-ending stream of software patches every time bad guys discover a new bug.
Ethical hackers who spot vulnerabilities in the new technology created by the Defense Advanced Research Projects Agency (DARPA) will be rewarded with more than just a deep sense of satisfaction. For every flaw found, DARPA will be doling out a cash prize.
DARPA's July bug bounty contest is being held prior to the new technology going public in an effort to catch any weaknesses that may have been overlooked.
The new program was started in 2017 and is officially called System Security Integration Through Hardware and Firmware, or SSITH. DARPA has funded the hardware, but its construction is being completed by researchers and academics at places like the Massachusetts Institute of Technology, the University of Michigan, and Lockheed Martin. 
SSITH will continue for one more year to allow vulnerabilities to be detected and fixed.

