Break the technology, write open-source, and get rewarded!

Technologies are an integral part of our modern life—they store, use, and transmit our personal data and private information. Their technological obsolescence, security-wise thoughtless design, or high complexity cause these technologies to become vulnerable and directly exploitable. Did you know that:

• Your GSM calls can be anonymously eavesdropped by anyone with a device cheaper than $2000?

• The A5/3 cipher used in “more secure” 3G communication has already been broken?

• The Mifare Classic RFID chips, massively used worldwide and in Slovakia for tram tickets, university/ISIC cards, parking cards, or building and swimming pool access, were practically broken a few years ago, yet they are still used, and anyone in your physical proximity can completely read your card (including your first and last name), modify it at will, clone it, or irreversibly destroy it?

• The Hitag2 chip used in car keys for Renault, Opel, Peugeot, Citroen has been broken?

• The KeeLoq cipher used in car keys for Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or Jaguar can be broken in 2 days?

• All these technologies are still being used and widely deployed, with manufacturers and suppliers often considering these threats as merely theoretical and practically unfeasible, and in an effort to save costs, they neglect their security?

• This situation endangers the privacy of ordinary people and perfectly suits the criminal underworld, which can exploit these vulnerabilities for their own benefit?

Long-term practice in IT security worldwide shows that one of the few effective means to force operators and manufacturers of vulnerable technologies to fix or replace them with more secure ones is the publication of a so-called “Proof-Of-Concept”—i.e., a functional implementation that practically demonstrates the exploitation of the given technology.

The IT security company Nethemba, which supports secure technologies and open-source software, has decided to dedicate a sum of 500 to 2500 € (depending on the technology and complexity of the implementation) for the development of a functional and public implementation that would practically demonstrate the exploitation of various technologies.

The implementation can be written in any programming language, as long as the interface to the given technology does not require the use of a specific language (e.g., C or Java).

The implementation will be published under the open-source GNU GPLv2 license (in case of mutual agreement, another open-source license can be used).

Target group of solvers:

• Students of technical universities (suitable topic for a diploma or bachelor thesis)

• Members of hackerspaces

• Anyone with a lot of free time, enthusiasm, and knowledge

Support from Nethemba:

• Complete financial coverage of the project, purchase, and provision of specific hardware

• Project management, technical assistance, and consultations from our employees

• Connection with the community—with other solvers of the given project or researchers in the field

• In case of successful implementation of any project, Nethemba will adhere to ethical principles of its publication

Conditions for reward payment:

• The reward (500-2500 €) is paid only to the first functional implementation of the given project

• Collaboration on the project is possible, in which case the reward is divided among the individual solvers

• The implementation must be published under an open-source license

Validity of the action:

Until revoked by Nethemba.