Feds cite use of internet-connected cameras to launch botnet attack as proof that better security is needed Credit: Thinkstock The U.S. Federal Trade Commission is scheduled to announce Wednesday a “prize competition” for a tool that can be used against security vulnerabilities in internet of things systems.The prize pot is up to $25,000, with $3,000 available for each honorable mention. The winners will be announced in July. The announcement is scheduled to be published Wednesday in the Federal Register.The tool, at a minimum, will “help protect consumers from security vulnerabilities caused by out-of-date software,” said the FTC.The government’s call for help cites the use of internet-enabled cameras as a platform for a distributed denial of service (DDoS) attack last October. Weak default passwords were blamed. The FTC wants automatic software updates for IoT devices and up-to-date physical devices. Some devices will automatically update, but many require consumers to adjust one or more settings before they will do so, the FTC said. The winning entry could be a physical device, an app or a cloud-based service.This isn’t the first time the FTC has offered cash for software tools. In 2015, it awarded $10,500 to developers of an app that could block robocalls. The winners of that contest were Ethan Garr and Bryan Moyles, the co-inventors of the RoboKiller app, both of whom work for TelTech Systems, a communications technology startup. Their winning app was initially developed as a side project.“It gave us something to work toward,” said Garr, of the FTC contest, in an interview. “It gave us a deadline, which in technology is really valuable because software projects can go on forever without one.”Their contest submission included an iPhone with the installed app. They also had to pay their own expenses to attend a DefCon conference in Las Vegas for the FTC’s final judging.“I don’t think they get enough credit for how passionate they are in solving the problem,” said Garr, the vice president of product TelTech, of the people involved in the FTC’s effort.The initial version of RoboKiller forwarded all calls to the app’s servers for analysis. It used an “audio-fingerprinting algorithm” to quickly determine whether it was a robocall or not.A new version incorporates Apple’s new CallKit technology to identify robocalls. Users can also set up conditional call forwarding to TelTech’s servers for those calls that are declined, for instance. The service will check multiple databases for information about the call, and the developers plan to soon roll out an additional feature that will show a photo of the caller from social media. It charges $1/month for the service. The FTC’s IoT patching plan may have limits. One issue with IoT security is embedded devices that may continue to operate long after their last patch, and may even survive the companies that created the systems. Related content news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware Malware Cybercrime news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach news Top cybersecurity product news of the week New product and service announcements from Wiz, Palo Alto Networks, Sophos, SecureAuth, Kasada, Lacework, Cycode, and more. By CSO staff Nov 30, 2023 17 mins Generative AI Security feature How to maintain a solid cybersecurity posture during a natural disaster Fire, flood, eathquake, hurricane, tornado: natural disasters are becoming more prevalent and they’re a threat to cybersecurity that isn’t always on a company’s radar. Here are some ways to prepare for the worst. By James Careless Nov 30, 2023 8 mins Security Operations Center Data and Information Security Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe