IoT VillageIOT Village is designed to have a practical approach towards device hacking allowing the participants to win the gadgets they actually hack into. There is a wide range of devices like routers, webcams etc. available to be played with during DefCamp. But beware! You will not be the only one trying …let’s see how you can handle the pressure! So, if you’d like to discover and test some devices in order to see how secure they are and what are the limits you can break, this is going to be a contest you don’t want to miss.

This competition is organised & sponsored by Bitdefender Romania.

Identify vulnerabilities in IoT devices.

Rules of Engagement

  • Each attendee/team that takes part in the contest will be given the means to connect to the network but own laptop is needed.
  • Each participant/team will then proceed to attack the devices announced in the contest using whatever tools or scripts they have at their disposal.
  • If the method used has unforeseen results thus making the device unavailable to others, make sure you announce the on-site arbitrator (one of the judges). This is considered an accident and no action will be taken against the participant that used that method of attack.
  • If any of the participants/team needs to take a closer look or needs a reset device, please announce the on-site arbitrator (one of the judges). No participant will be allowed to touch the devices at any given time. The only allowed way for the participants/teams to attack the devices is from the network side only.
  • No more than two participants will be allowed at any given time to get close to the devices.
  • If the participant finds a vulnerability on any of the devices, please announce it to the on-site arbitrator (one of the judges).
  • If the participant exploits a vulnerability on any of the devices, please announce it to the on-site arbitrator (one of the judges).
  • In case of a dispute, the on-site arbitrator (one of the judges) will have the final decision after hearing all the parties involved.
  • Please note that if any of the present rules are not followed as well as any disruptive and/or offensive actions towards any of the other participants/teams will not be tolerated and will result in the disqualification of the participant (and team if member of a team).
  • All vulnerabilities MUST BE REPORTED when found!
  • The on-site arbitrator (one of the judges) will move to see the vulnerability in action but the prize will not be validated until a complete and detailed write-up is submitted to the on-site arbitrators by email.
  • Note: prize validation can change from one participant to another depending on the risk of the vulnerability found and reported – but if you’ve got root first, the prize is yours.

Prizes & Targets

1. Routers

2. Network Attached Storage

3. Security Systems

4. Home appliances

5. Printer

Brother HL-L8260CDW Wireless Colour Laser Printer

6. Cold Hard Cash

  • 50 euros: first blood – must find, report and get validated for more than one vulnerability on any of the devices.
  • 50 euros: first multi kill – must find, report and get validated for more than one vulnerability on any 4 different devices.
  • 100 euros: first unstoppable – must find, report and get validated for more than one vulnerability on any 9 different devices.
  • 100 euros: [email protected] – must find, report and get validated for more than one 0-day vulnerability as well as “g0t r00t” status on any 2 different devices.
  • 200 euros: first Godlike – must find, report and get validated for more than one 0-day vulnerability as well as “g0t r00t” status on any 6 the devices.

Organizers of 2017 edition

The participants will be under the watchful eyes of the jury composed of:

  • Andrei Rusu (Software Architect @ Bitdefender)
  • Bogdan Cazacu (Chief Information Officer @ CCSIR)

The helper squad will consist of:

  • Diana Olaru (Front-End Developer)
  • Bogdan Calarasu (Junior System Administrator)

Sponsors & Partners

They help us make this conference possible.

Stay Updated - Join Our Newsletter