AT&T Sponsors Zero-Day Hacking Contest For Kids

yahoi writes "AT&T has teamed up with an 11-year-old hacker and DefCon Kids to host a hacking contest during the second annual conference that runs in conjunction with the adult Def Con hacker show later this month in Las Vegas. The kid who finds the most zero-day bugs in mobile apps wins $1,000 and an IPad, courtesy of DefCon Kids. The contest was inspired by the mini-hacker's discovery last year of a whole new class of mobile app vulnerabilities."

$1,000 and an iPad? For one kid? Cheap bastards.

[reubenavery]

Maybe its just the cynic in me, but this seems like a real rip off. How many bugs will be discovered in total? And how much would it cost to have an actual Q/A department find those bugs?

Child labor in sheep's clothing?

Re:

[Kaptain Kruton]

That was my first thought too. However, you must remember they are looking for flaws in mobile apps... not necessarily mobile apps written by AT&T. In the article, it gave an example of a young girl that is working with AT&T finding a specific flaw that existed in several games.

Re:

[Inda]

What would you give the mini-hacker?

A car? A house? A pony?

Kudos and a medal is enough. Being able to brag to classmates is enough. An iThing is more than enough (I'd prefer the kudos myself).

Re:

[Anonymous Coward]

What would you give the mini-hacker?

A car? A house? A pony?

Clearly you give them "1337" merit badges. All the other kids get "p0wned" written in Sharpie on their foreheads.

Re:

[Ghubi]

That's pretty much what I think about the whole crowd-sourcing X prize phenomenon. This is what happens when a society institutes greed as a moral virtue.

Re:

[dkleinsc]

Also, what they may be going for is a situation in which they can truthfully advertise "We sponsored a contest for lots of hackers to find bugs, and they couldn't find anything." (while carefully omitting the fact that the hackers in question were all 11-year-olds)

There's another flaw too, which is this: "Hey kids, want to make way more than that lame iPad? If your hack is really clever, sell it to our totally legitimate Russian company for $15,000." (Actually, that's a problem with all white hat hacking, b

Q/A?

[antdude]

Why is there a slash for "quality assurance"? :P

Re:

[Darinbob]

Hey, they're taking kids to Vegas. With all the booze and blackjack and strippers they won't even care about the ipads.

Thank goodness!

[FreedomOfThought]

Glad to see they are encouraging white hat hacking. I hope they remain effective. Thousand dollars seems a little low. Surely they can do better, and put it towards their future education needs.

Re:Thank goodness!

[__aaeihw9960]

Exactly - you catch the little fellas and ladies while they're young, that way they don't turn into black-hats later. This is called investing in the future, and there needs to be shitloads more of it. I don't care if they don't catch anything major, just investing in them and showing that older folks value their insight goes a long way, ask any teacher.

Re:

[k(wi)r(kipedia)]

$1000 isn't low for what's probably a bug too minor to win, say, a Chrome or Firefox bounty. Besides, the goal is to get kids into thinking about security, not to give them jobs as penetration testers or elite hax0rs.

Re:

[FreedomOfThought]

Shouldn't there still be some sort of program to further their knowledge if they should deem necessary? If a child wins the contest, and shows potential, then why give them a $1000 and end it there? You are right about possibly not winning a Chrome/Firefox bounty, but lets get them there.

Re:

[k(wi)r(kipedia)]

My worry is that the young participants would see this as the sort of bribe parents give their kids to make them do their homework. "Hey, Junior, if you study your math, I'll take you to the theme park on Sunday."

Somebody's completely clueless

[sgt_doom]

Huh????? AT&T is the principal force behind the end of network neutrality, although there are many who would argue they've already ended it.
Why in the bloody H don't you realize this? Obey the master corporation, huh? Say, dood, any idea who actually owns AT&T???

Re:

[FreedomOfThought]

I'm sorry; I fail to see the point you are trying to make. By your logic, I should ignore any good things that anyone ever does because of a differing perspective on how things should be. Of course, I may have interpreted your statements incorrectly as they seem off topic and rather aimless and confused. I'm sure I have some tin-foil around here somewhere that I could make a hat out of and send to you. Consider it a gift from the "dood" who blindly "obey[s] the master corporation[s]".

Re:

[FreedomOfThought]

Or have I been trolled by a pro?

That $1000 will not cover the full 2 year data pla

[Anonymous Coward]

That $1000 will not cover the full 2 year data plan cost that comes with that Ipad.

Re:

[Envy Life]

Haha... nice catch!

Re:

[nazsco]

Not to mention it's the least hacker friendly device ever.

Always laugh my ass off when i see macs at hacker conferences and they turn out to not be hype journalists.

Re:

[hackula]

What's wrong with a hacker using a mac? If it's good enough for Otacon, it's good enough for any hacker.

Re:

[BryanL]

Maybe I missed something, but where does it say this is a 3G iPad? Even if it is, getting a wireless plan over 2 years at $30 a month for the 3GB plan only comes out to $720. I hate to see troll comments get modded +5 informative based on hate.

Defcon, I am disappoint

[sl4shd0rk]

Android seems like a much more logical choice for hacker-friendly computing.

Re:

[Ghubi]

I think finding zero day bugs fits better with the current meaning of hacking than with it's original meaning.

one week later:

[Gravis Zero]

AT&T Hacked By 11-Year-Old. Demands 20 Year Sentence

be careful what you ask for, you just might get it.

How about about not using the term "hacking"?

[GodfatherofSoul]

To me it implies either some sort of intrusion attempt or code-and-go design. Seems like the definition war has been lost on that front. Either way, these kids are testers, not hackers.

Coming to the industry relatively late in life, I've seen a youth fascination with the deconstructor rather than the constructor side of the industry that probably isn't doing any of us any good.

Condescending bullshit for kids.

[GNUALMAFUERTE]

They say "She found a whole new kind of exploit", and that she's found many zero-day exploits in mobile apps.

Ok. So I keep reading. Here's all of it: She changes the date on her phone so the trial lasts longer. That's it.

We've been doing that for decades. I did when I was 10 too, in DOS, and so did most of you. An entire generation changed their machine's date so we could use expired trials. We did this back in the 80's, and none of us got press as 1337 hax0rz for it.

This is the equivalent of every kid is a winner, for technology. Everyone is a computer genius at this conference, even if they can't code and all they do is play with their phone all day long and try to beat trials using a technique that's 30 years old,and that's not technical at all.

Re:

[kelemvor4]

The truth is, we're all winners. Because out of all those sperm, we're the ones who made it!

Re:

[Anonymous Coward]

The truth is, we're all winners. Because out of all those sperm, we're the ones who made it!

Worst Prize Ever

Re:

[dutchwhizzman]

Maybe it's not new for us, but it's new for the platform and developers that get tricked by such a simple hack should be ashamed of themselves. I think that's enough merit for an 11 year old to be getting some sort of reward for their discovery. Taking this initiative and actively hosting a contest this year so kids get an idea about IT security, not to mention all the grown ups that get to hear about it too, is way more valuable than "we did that years ago on the platforms we used as kids".

Re:

[GNUALMAFUERTE]

Your post doesn't make any sens. "we did that years ago on the platforms we used as kids" is exactly the point here.

It's like making reports and giving rewards to kids that manage to cross the street in order to get grown ups to hear about road safety. There are better ways, and since any kid can do it, and kids have been doing so for ages, it's not something to be rewarded or praised.

Something seems off here...

[kelemvor4]

AT&T is sponsoring a hacking contest? They're also giving away an ipad? Apple is going to be furious!