The Pwn2Own security contest, in which researchers compete to exploit vulnerabilities in popular consumer products in exchange for cash prizes and ownership of the items in question, is to extend to cover Internet of Things (IoT) products for the first time amid growing concerns over the lack of security-focused thinking in their development.
“The Internet of Things is rapidly expanding into all aspects of our lives, from the smart home to the factory floor and connected cars, but products are often rushed to market without enough attention paid to their security,” claims Brian Gorenc, director of vulnerability research for Trend Micro and member of the Zero Day Initiative which organises the Pwn2Own events. “The ZDI is committed to helping remedy this situation by revealing vulnerabilities to vendors and minimising their risk of being exploited. That’s why we’ve extended the scope of this year’s Pwn2Own Tokyo contest beyond the standard mobile devices. We’re looking forward to seeing what some of the world’s best researchers bring to the event.”
Extending what was previously known as Mobile Pwn2Own, the new event will add consumer-oriented Internet of Things products including the Amazon Echo, Amazon Cloud Cam, Google Home, and Nest Cam IQ to the list of target devices, along with popular smartphone products. Each vulnerability discovered and demonstrated is eligible for a cash prize of up to $150,000, while details of the precise nature of the vulnerability are kept private pending responsible disclosure to the companies involved.
Pwn2Own Tokyo is schedule to take place on the 13th and 14th of November during the PacSec security conference in Japan. More information is available on the Zero Day Initiative website.