Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Endpoint Security

FTC Seeks Tools for Securing Home IoT Devices

The U.S. Federal Trade Commission (FTC) announced on Wednesday the launch of a contest that aims to find solutions for securing the Internet of Things (IoT) devices deployed in consumers’ homes.

The U.S. Federal Trade Commission (FTC) announced on Wednesday the launch of a contest that aims to find solutions for securing the Internet of Things (IoT) devices deployed in consumers’ homes.

The IoT Home Inspector Challenge seeks a technical solution for addressing vulnerabilities in IoT devices. The FTC said the tool can be a physical device installed on the user’s home network, an app, a cloud-based service, or a dashboard.

The minimum requirement is that the tool addresses vulnerabilities caused by outdated software, but it can also include other security features, such as ones designed to mitigate the risk of hardcoded or weak passwords.

Participants will need to submit an abstract, a short video demonstrating how the tool works, and a detailed technical explanation. However, a fully functional prototype is not required as long as there is enough information to evaluate the tool. The winning submission will be selected based on criteria such as scalability, user-friendliness and how well it works.

Submissions will be evaluated by a panel of five judges. The top prize is $25,000, but the FTC is also prepared to reward three other competitors with up to $3,000.

The FTC has pointed out that proposed solutions must work on existing IoT products, they must properly protect the information they collect, and they must avoid introducing additional security risks.

Registration will open on or around March 1 and contestants must enter their submissions by May 22. In the first round of the challenge, up to 20 participants will be selected based on the videos and abstracts they submit. In the next and final round, contestants will have to provide a detailed explanation of how their solution works. Winners will be announced on July 27.

Advertisement. Scroll to continue reading.

IoT botnets such as Mirai and BASHLITE, which have hijacked and abused millions of devices worldwide, have made companies and governments realize the importance of securing Internet-connected devices.

The FTC is not the only organization offering a reward for IoT security solutions. In October, the non-profit research and development organization MITRE announced a prize of $50,000 for novel ideas in detecting rogue IoT devices on a network. MITRE’s challenge is expected to end in mid-January.

Related Reading: Solving IoT Security – Pursuing Distributed Security Enforcement

Related Reading: IoT Malware Will Soon Surround Us

Related Reading: DDoS Attacks Are Primary Purpose of IoT Malware

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.