The Pentagon research agency that helped invent the internet and GPS is inviting hackers to find flaws in its new mega-secure hardware.
Ethical hackers who spot vulnerabilities in the new technology created by the Defense Advanced Research Projects Agency (DARPA) will be rewarded with more than just a deep sense of satisfaction. For every flaw found, DARPA will be doling out a cash prize.
DARPA's July bug bounty contest is being held prior to the new technology going public in an effort to catch any weaknesses that may have been overlooked.
According to the Washington Post, the super-secure new technology is based on re-engineering hardware, such as computer chips and circuits, to make it more secure. It has been designed in this way so that hackers who rely on being able to undermine software to gain unauthorized access to systems and devices will find their attempts stymied.
If successful and widely adopted, this approach could see the era of releasing endless software updates to patch vulnerabilities unearthed by threat actors and ethical researchers finally draw to a close.
DARPA microsystems technology office program manager Keith Rebello said that the new hardware could declaw malicious hackers and give legitimate organizations the edge when it comes to cybersecurity.
“It [would have] a huge, huge impact,” said Rebello. “About 70 percent of all cyber-attacks are due to hardware vulnerabilities. If we can fix those permanently, we can take a large portion of the attack surface away.”
For DARPA's new contest, bug bounty hunters will be invited to try to crack a voter registration database and a medical database containing top secret research.
Explaining the choice of models, Rebello said: “We wanted to use demonstrations that are relevant to show the impact that we can have with this technology."
The new program was started in 2017 and is officially called System Security Integration Through Hardware and Firmware, or SSITH. DARPA has funded the hardware, but its construction is being completed by researchers and academics at places like the Massachusetts Institute of Technology, the University of Michigan, and Lockheed Martin.
SSITH will continue for one more year to allow vulnerabilities to be detected and fixed.