IOT Village is designed to have a practical approach towards device hacking allowing the participants to win the gadgets they actually hack into. There is a wide range of devices like routers, webcams etc. available to be played with during DefCamp.
But beware! You will not be the only one trying …let’s see how you can handle the pressure!
So, if you’d like to discover and test some devices in order to see how secure they are and what are the limits you can break, this is going to be a contest you don’t want to miss.
Be sure to pre-register for the IoT Village to reserve your spot and make the most of it! Just use the Registration button to your right and fill in the details.
Goal of the Competition
/ Identify and responsibly report vulnerabilities in IoT devices.
/ Each attendee/team that takes part in the contest will be given the means to connect to the network but own laptop is needed.
/ Each participant/team will then proceed to attack the devices announced in the contest using whatever tools or scripts they have at their disposal.
/ If the method used has unforeseen results thus making the device unavailable to others, make sure you announce the on-site arbitrator (one of the judges).
/ This is considered an accident and no action will be taken against the participant that used that method of attack.
/ If any of the participants/team needs to take a closer look or needs a reset device, please announce the on-site arbitrator (one of the judges).
/ No participant will be allowed to touch the devices at any given time. The only allowed way for the participants/teams to attack the devices is from the network side only.
/ No more than two participants will be allowed at any given time to get close to the devices.
/ If the participant finds a vulnerability on any of the devices, please announce it to the on-site arbitrator (one of the judges).
/ If the participant exploits a vulnerability on any of the devices, please announce it to the on-site arbitrator (one of the judges).
/ In case of a dispute, the on-site arbitrator (one of the judges) will have the final decision after hearing all the parties involved.
/ Please note that if any of the present rules are not followed as well as any disruptive and/or offensive actions towards any of the other participants/teams will not be tolerated and will result in the disqualification of the participant (and team if member of a team).
/ All vulnerabilities MUST BE REPORTED when found!
/ The on-site arbitrator (one of the judges) will move to see the vulnerability in action but the prize will not be validated until a complete and detailed write-up is submitted to the on-site arbitrators by email.
/ Note: prize validation can change from one participant to another depending on the risk of the vulnerability found and reported – but if you’ve got root first, the prize is yours.
/ 150 euros: first blood – must find, report and get validated for more than one vulnerability on any of the devices.
/ 150 euros: first multi kill – must find, report and get validated for more than one vulnerability on any 4 different devices.
/ 250 euros: first unstoppable – must find, report and get validated for more than one vulnerability on any 6 different devices.
/ 500 euros: H@x0r – must find, report and get validated for more than one 0-day vulnerability as well as “g0t r00t” status on any 2 different devices.
/ 500 euros: first Godlike – must find, report and get validated for more than one 0-day vulnerability as well as “g0t r00t” status on any 3 the devices
Sponsors & Partners
They help us make this conference possible.
Orange „brings you closer to what matters to you”.
This is our brand promise: to bring our clients closer to what’s essential to them and to keep them always connected and in touch with the latest technologies, by offering them the best and safest communication experience.