    Pentagon’s research arm, DARPA, invites hackers to break hardware

    As part of a continuing effort to tighten cybersecurity, the Pentagon’s research arm, the Defense Advanced Research Projects Agency (DARPA), has invited white-hat hackers to test its security chip. The aim is to establish a more protected and stable foundation for the chips by subjecting them to a host of attacks before production. The white-hat hackers stand to gain $25,000 from bugs found.

    A DARPA program manager, Keith Rebello, had this to say: “We need the researchers to roll their sleeves up and dig into what we’re doing and try to break it. At this stage in the program, we want to wring out all the bugs we can; this can help the industry break a ‘vicious cycle’ of patching vulnerable systems that have already been deployed.”

    He hopes the computer chips coming out of the hardware program can be commercialized in two to four years.

    Software and hardware bug bounties involve separate testing components and techniques. The former are ubiquitous and not hard to sort out, but the latter involve determining how computer chips process data, and the expertise needed in this field is scarce.

    This scarcity has prompted DARPA to reach out to Synack, a Silicon Valley-based penetration testing company. The bug bounty event is slated for July and will run through September. Synack will test the hackers and select the best. Those picked, together with hackers from Synack, will then participate in the program. Synack’s hackers will also examine whether the DARPA-backed hardware can impede hacks that revamp current vulnerabilities.

    Explaining the goal, Synack CTO Mark Kuhr told CyberScoop, “It’s not about patching the vulnerabilities, it’s about preventing the exploit.”

    To protect the integrity of the chips, the hackers will not be given full access to them; instead, they will attempt to crack systems hosted in a cloud computing network. A voter registration database and Covid-19-related medical records are among the intended targets for the hackers. Those records were selected because of past cases in which Russian hackers broke into Illinois’ voter registration files back in 2016 and the various incidents of government spies trying to get coronavirus data.

    Two years back, the Spectre and Meltdown vulnerabilities undermined the security of computer chips. This incident has been a driving force for chip-producing companies like Intel, which have pledged to invest more in security. DARPA, for its part, does not want to take that risk and is working around the clock to avoid the production of flawed chips.

    Speaking about the agency’s approach, Rebello added, “The way that we prevent [microprocessors] from doing bad things currently is that we patch the software that is sending them the instructions. We’re just putting Band-Aids [on the problem] … and those Band-Aids can lead to other vulnerabilities and other errors.”

    Joe FitzPatrick, an Oregon-based hardware security instructor, said, “The bug bounty program’s success will hinge on its ability to attract people with the talent and time to focus on breaking the DARPA hardware. While there may be thousands of bounty hunters capable of finding software issues, the deep architectural stuff they’re looking for takes a unique skill set.”