Virtual hacker vs. real hacker and the war is fought on the web

Mayhem software, after winning the hacking competition organized by Darpa, is preparing to put its functionality at the service of the real world

Mayhem software, developed by Pittsburgh-based startup ForAllSecure, won a two million dollar prize for uncovering more "bugs" in a computer system than its competitors in the virtual hacker challenge at the recent Grand Challenge competition.

The win was just the beginning, says David Brumley - a professor at Carnegie Mellon and co-founder of ForAllSecure - because now we're training Mayhem to find vulnerabilities in some commercial software, including devices such as routers, and fix them on its own. I test hanno lo scopo di scoprire se il software è davvero in grado di affrontare e vincere anche questa sfida e rendere questi device a prova di hacker, quelli in carne e ossa. Non va dimenticato che dietro il blackout della rete verso la fine dell’anno scorso che ha messo in ginocchio sito come Twitter e Reddit, c’era un enorme botnet di dispositivi compromessi e trasformati, a loro insaputa, in soldati dei cyber criminali.

Hacker virtuali

hacker-4.jpgFonte foto: Shutterstock

Clicca sull’immagine per accedere alla gallery con 5 consigli su come difendersi dagli hacker

«Oggi, quando una macchina viene compromessa, ci vogliono giorni o settimane prima che qualcuno se ne accorga, e ci voglioni giorni o settimane prima che sia rilasciata una patch in grado di sanare la vulnerabilità, e non sempre le aziende ci riescono» puntualizza Brumley. "Imagine, then, a way in which - for the first time - a hacker is able to exploit a flaw that is then immediately 'patched'." And thanks to the work of a virtual hacker like Mayhem.

Routers at risk, but not only that...

(Taken from YouTube)

Brumley, last year, published the results of Mayhem's analysis of more than 2,000 router firmware images. It found that 40 percent, which equates to 89 different products, suffered from at least one vulnerability. The software had, previously, identified 14 unknown vulnerabilities affecting 69 different pieces of software. The U.S. Department of Defense, in light of these results, is collaborating with ForAllSecure to find a solution that allows Mayhem to move freely in the magnum sea of the web with the task of finding and correcting all vulnerabilities independently. There are those who see this solution of a virtual hacker, completely autonomous, scurrying around the network to fix all the bugs it encounters, as a risk. Brumley recognizes the  problem, but human oversight would slow down the process. But he's also convinced that these virtual hackers will be able to prove their worth, and eventually be allowed to operate gradually without the need for someone's oversight to fix vulnerabilities found everywhere.