IOT Village is designed to have a practical approach towards device hacking allowing the participants to win the gadgets they actually hack into. There is a wide range of devices like routers, webcams etc. available to be played with during DefCamp.
But beware! You will not be the only one trying …let’s see how you can handle the pressure!
So, if you’d like to discover and test some devices in order to see how secure they are and what are the limits you can break, this is going to be a contest you don’t want to miss.
Goal of the Competition
/ Identify and responsibly report vulnerabilities in IoT devices.
/ Each attendee/team that takes part in the contest will be given the means to connect to the network but own laptop is needed.
/ Each participant/team will then proceed to attack the devices announced in the contest using whatever tools or scripts they have at their disposal.
/ If the method used has unforeseen results thus making the device unavailable to others, make sure you announce the on-site arbitrator (one of the judges).
/ This is considered an accident and no action will be taken against the participant that used that method of attack.
/ If any of the participants/team needs to take a closer look or needs a reset device, please announce the on-site arbitrator (one of the judges).
/ No participant will be allowed to touch the devices at any given time. The only allowed way for the participants/teams to attack the devices is from the network side only.
/ No more than two participants will be allowed at any given time to get close to the devices.
/ If the participant finds a vulnerability on any of the devices, please announce it to the on-site arbitrator (one of the judges).
/ If the participant exploits a vulnerability on any of the devices, please announce it to the on-site arbitrator (one of the judges).
/ In case of a dispute, the on-site arbitrator (one of the judges) will have the final decision after hearing all the parties involved.
/ Please note that if any of the present rules are not followed as well as any disruptive and/or offensive actions towards any of the other participants/teams will not be tolerated and will result in the disqualification of the participant (and team if member of a team).
/ All vulnerabilities MUST BE REPORTED when found!
/ The on-site arbitrator (one of the judges) will move to see the vulnerability in action but the prize will not be validated until a complete and detailed write-up is submitted to the on-site arbitrators by email.
/ Note: prize validation can change from one participant to another depending on the risk of the vulnerability found and reported – but if you’ve got root first, the prize is yours.
/ 150 euros: first blood – must find, report and get validated for more than one vulnerability on any of the devices.
/ 150 euros: first multi kill – must find, report and get validated for more than one vulnerability on any 4 different devices.
/ 250 euros: first unstoppable – must find, report and get validated for more than one vulnerability on any 6 different devices.
/ 500 euros: [email protected] – must find, report and get validated for more than one 0-day vulnerability as well as “g0t r00t” status on any 2 different devices.
/ 500 euros: first Godlike – must find, report and get validated for more than one 0-day vulnerability as well as “g0t r00t” status on any 3 the devices
Sponsors & Partners
They help us make this conference possible.
As an infrastructure operator, technology integrator and IT&C services provider, Orange Business Services supports businesses and public entities in their digital transformation. Collect, transport, protect, store and process and analyze: they orchestrate every phase of the data journey, for your business to create even more value.