AT&T Sponsors Zero-Day Hacking Contest For Kids

yahoi writes "AT&T has teamed up with an 11-year-old hacker and DefCon Kids to host a hacking contest during the second annual conference that runs in conjunction with the adult Def Con hacker show later this month in Las Vegas. The kid who finds the most zero-day bugs in mobile apps wins $1,000 and an IPad, courtesy of DefCon Kids. The contest was inspired by the mini-hacker's discovery last year of a whole new class of mobile app vulnerabilities."

$1,000 and an iPad? For one kid? Cheap bastards.

[reubenavery]

Maybe its just the cynic in me, but this seems like a real rip off. How many bugs will be discovered in total? And how much would it cost to have an actual Q/A department find those bugs?

Child labor in sheep's clothing?

Thank goodness!

[FreedomOfThought]

Glad to see they are encouraging white hat hacking. I hope they remain effective. Thousand dollars seems a little low. Surely they can do better, and put it towards their future education needs.

Re:Thank goodness!

[__aaeihw9960]

Exactly - you catch the little fellas and ladies while they're young, that way they don't turn into black-hats later. This is called investing in the future, and there needs to be shitloads more of it. I don't care if they don't catch anything major, just investing in them and showing that older folks value their insight goes a long way, ask any teacher.

Re:Thank goodness!

[k(wi)r(kipedia)]

$1000 isn't low for what's probably a bug too minor to win, say, a Chrome or Firefox bounty. Besides, the goal is to get kids into thinking about security, not to give them jobs as penetration testers or elite hax0rs.

Re:Thank goodness!

[FreedomOfThought]

Shouldn't there still be some sort of program to further their knowledge if they should deem necessary? If a child wins the contest, and shows potential, then why give them a $1000 and end it there? You are right about possibly not winning a Chrome/Firefox bounty, but lets get them there.

Re:Thank goodness!

[k(wi)r(kipedia)]

My worry is that the young participants would see this as the sort of bribe parents give their kids to make them do their homework. "Hey, Junior, if you study your math, I'll take you to the theme park on Sunday."

That $1000 will not cover the full 2 year data pla

That $1000 will not cover the full 2 year data plan cost that comes with that Ipad.

Defcon, I am disappoint

[sl4shd0rk]

Android seems like a much more logical choice for hacker-friendly computing.

Re:$1,000 and an iPad? For one kid? Cheap bastards

[Kaptain+Kruton]

That was my first thought too. However, you must remember they are looking for flaws in mobile apps... not necessarily mobile apps written by AT&T. In the article, it gave an example of a young girl that is working with AT&T finding a specific flaw that existed in several games.

Re:$1,000 and an iPad? For one kid? Cheap bastards

[Inda]

What would you give the mini-hacker?

A car? A house? A pony?

Kudos and a medal is enough. Being able to brag to classmates is enough. An iThing is more than enough (I'd prefer the kudos myself).

Re:$1,000 and an iPad? For one kid? Cheap bastards

It would be nice if AT&T could fix their shitty service. They are shit and I'm sick of them throttling back the service as well if I'm lucky enough to even get a connection lately.

Get them when there young

You know what they say. Get them when they are young. Maybe they can take the meaning of hacking back to it's original meaning.

Re:Get them when there young

[Ghubi]

I think finding zero day bugs fits better with the current meaning of hacking than with it's original meaning.

Re:That $1000 will not cover the full 2 year data

[Envy+Life]

Haha... nice catch!

Re:That $1000 will not cover the full 2 year data

troll. ipad doesn't require a contract, and doesn't even require you to activate it at purchase. go away, you wasted attempt at snark.

Re:$1,000 and an iPad? For one kid? Cheap bastards

What would you give the mini-hacker?

A car? A house? A pony?

Clearly you give them "1337" merit badges. All the other kids get "p0wned" written in Sharpie on their foreheads.

one week later:

[Gravis+Zero]

AT&T Hacked By 11-Year-Old. Demands 20 Year Sentence

be careful what you ask for, you just might get it.

How about about not using the term "hacking"?

[GodfatherofSoul]

To me it implies either some sort of intrusion attempt or code-and-go design. Seems like the definition war has been lost on that front. Either way, these kids are testers, not hackers.

Coming to the industry relatively late in life, I've seen a youth fascination with the deconstructor rather than the constructor side of the industry that probably isn't doing any of us any good.

Re:$1,000 and an iPad? For one kid? Cheap bastards

[Ghubi]

That's pretty much what I think about the whole crowd-sourcing X prize phenomenon. This is what happens when a society institutes greed as a moral virtue.

Re:$1,000 and an iPad? For one kid? Cheap bastards

I know, I just wanted to vent since I saw At&t ;)

Not a career, a contest!

And they wonder why kids aren't considering a career in information security! Because all I see in the news are these contests where professional-level work might win someone a pittance. No one wants to pay for information security. Why would they, when they can sponsor a contest and get people to do it for next to nothing? Where did this stuff come from, anyway?

Condescending bullshit for kids.

[GNUALMAFUERTE]

They say "She found a whole new kind of exploit", and that she's found many zero-day exploits in mobile apps.

Ok. So I keep reading. Here's all of it: She changes the date on her phone so the trial lasts longer. That's it.

We've been doing that for decades. I did when I was 10 too, in DOS, and so did most of you. An entire generation changed their machine's date so we could use expired trials. We did this back in the 80's, and none of us got press as 1337 hax0rz for it.

This is the equivalent of every kid is a winner, for technology. Everyone is a computer genius at this conference, even if they can't code and all they do is play with their phone all day long and try to beat trials using a technique that's 30 years old,and that's not technical at all.

Re:Condescending bullshit for kids.

[kelemvor4]

The truth is, we're all winners. Because out of all those sperm, we're the ones who made it!

Re:Condescending bullshit for kids.

Oh man, on real arcade I used to extract the binary launcher from the timer launcher and replace the timer launcher with the binary launcher so that I'd have unlimited play time. (It's simpler than it sounds exe1 when opened creates exe2 replace exe1 with the created exe2 before exe1 deletes exe2). Good times were had when I was thirteen (about 9 years ago)

Re:Condescending bullshit for kids.

The truth is, we're all winners. Because out of all those sperm, we're the ones who made it!

Worst Prize Ever

Re:Condescending bullshit for kids.

They don't say what OS she is using, since they are giving away iPads I wonder if it's Apple. If it is shouldn't she removed from being allowed to use Apple products for a year? She is showing a security hole that allows people to jump though timed areas of games that people can pay good money to get a full grown crop right now! Think if someone uses a mobile time clock for payroll this can really mess up things!
 
Oh by the way - GET OFF MY LAWN!

Re:Condescending bullshit for kids.

[dutchwhizzman]

Maybe it's not new for us, but it's new for the platform and developers that get tricked by such a simple hack should be ashamed of themselves. I think that's enough merit for an 11 year old to be getting some sort of reward for their discovery. Taking this initiative and actively hosting a contest this year so kids get an idea about IT security, not to mention all the grown ups that get to hear about it too, is way more valuable than "we did that years ago on the platforms we used as kids".

Re:Condescending bullshit for kids.

[GNUALMAFUERTE]

Your post doesn't make any sens. "we did that years ago on the platforms we used as kids" is exactly the point here.

It's like making reports and giving rewards to kids that manage to cross the street in order to get grown ups to hear about road safety. There are better ways, and since any kid can do it, and kids have been doing so for ages, it's not something to be rewarded or praised.

Something seems off here...

[kelemvor4]

AT&T is sponsoring a hacking contest? They're also giving away an ipad? Apple is going to be furious!

Re:That $1000 will not cover the full 2 year data

[nazsco]

Not to mention it's the least hacker friendly device ever.

Always laugh my ass off when i see macs at hacker conferences and they turn out to not be hype journalists.

Re:$1,000 and an iPad? For one kid? Cheap bastards

[dkleinsc]

Also, what they may be going for is a situation in which they can truthfully advertise "We sponsored a contest for lots of hackers to find bugs, and they couldn't find anything." (while carefully omitting the fact that the hackers in question were all 11-year-olds)

There's another flaw too, which is this: "Hey kids, want to make way more than that lame iPad? If your hack is really clever, sell it to our totally legitimate Russian company for $15,000." (Actually, that's a problem with all white hat hacking, but kids are generally easier to entice because they haven't developed such flaws as a sense of morality.

Re:That $1000 will not cover the full 2 year data

[BryanL]

Maybe I missed something, but where does it say this is a 3G iPad? Even if it is, getting a wireless plan over 2 years at $30 a month for the 3GB plan only comes out to $720. I hate to see troll comments get modded +5 informative based on hate.

Re:That $1000 will not cover the full 2 year data

[hackula]

What's wrong with a hacker using a mac? If it's good enough for Otacon, it's good enough for any hacker.

do they ant us to hack the ipods?

done....

Somebody's completely clueless

[sgt_doom]

Huh????? AT&T is the principal force behind the end of network neutrality, although there are many who would argue they've already ended it.
Why in the bloody H don't you realize this? Obey the master corporation, huh? Say, dood, any idea who actually owns AT&T???

Re:Somebody's completely clueless

[FreedomOfThought]

I'm sorry; I fail to see the point you are trying to make. By your logic, I should ignore any good things that anyone ever does because of a differing perspective on how things should be. Of course, I may have interpreted your statements incorrectly as they seem off topic and rather aimless and confused. I'm sure I have some tin-foil around here somewhere that I could make a hat out of and send to you. Consider it a gift from the "dood" who blindly "obey[s] the master corporation[s]".

Re:Somebody's completely clueless

[FreedomOfThought]

Or have I been trolled by a pro?

Q/A?

[antdude]

Why is there a slash for "quality assurance"? :P

Re:$1,000 and an iPad? For one kid? Cheap bastards

Maybe its just the cynic in me, but this seems like a real rip off. How many bugs will be discovered in total?

Most likely zero. Maybe the winner actually finds one.

These are kids, dude. It's a PR thing to encourage kids to go into software careers, they're not actually going to be useful compared to someone who has training and experience.

Re:$1,000 and an iPad? For one kid? Cheap bastards

[Darinbob]

Hey, they're taking kids to Vegas. With all the booze and blackjack and strippers they won't even care about the ipads.

Re:$1,000 and an iPad? For one kid? Cheap bastards

How many bugs? Almost zero, because kids are brainless little bastards.