麻豆村

For the second year in a row, Carnegie Mellon鈥檚 competitive hacking team, the (PPP), has taken home the top prize at the .

Over the course of three months, PPP, and 79 other collegiate-level teams, worked to design and implement a key fob system for a car door lock, protecting the car from unauthorized entry and preventing attacks such as replays and key fob cloning.

PPP鈥檚 win came in a landslide, scoring over 10,000 more points than the competition鈥檚 second-place finisher. CyLab Security and Privacy Institute Project Scientist , who co-advised the team with Electrical and Computer Engineering (ECE) Professor and Information Networking Institute (INI) Associate Teaching Professor , credited the victory to the group鈥檚 composition and work ethic.

鈥淥ur team has strong expertise in both embedded development and attacks,鈥� said Woo. 鈥淥ur students worked hard and were committed, and they were able to organize themselves to take advantage of the large team size.鈥�

The annual competition saw teams from the United States and around the world, with a record-breaking 546 student participants. Notably, PPP finished ahead of hackers from the University of California, Santa Cruz (2nd place), and the University of Illinois Urbana-Champaign (3rd place).

The competition had two phases 鈥� design and attack. Each phase offered opportunities to score points by obtaining flags and submitting them to the live eCTF scoreboard.

During the design phase, hackers acted as a team of engineers at a car manufacturer, designing and building the embedded software that would get provisioned on the next line of cars and key fobs sold to customers. In the attack phase, teams had the opportunity to analyze other groups鈥� designs, identifying security flaws as they aimed to unlock and start the vehicles without authorization from the vehicle owners.

eCTF competitions are unique from other CTF competitions because they focus on embedded systems security. Students not only defend against traditional cybersecurity attack vectors but also need to consider hardware-based attacks such as side-channel attacks, fault injection attacks and hardware modification attacks.

鈥淭hese competitions offer students a unique opportunity to combine the knowledge and skill sets obtained in various cybersecurity, computer science and computer engineering classes and apply them to real-world situations,鈥� said INI Assistant Teaching Professor . 鈥淥ver the years, former students have shared how these experiences impacted their careers and their understanding of the concepts we discuss in class.鈥�

鈥淏efore competing in eCTFs, I had almost no security experience. Thanks to competitions like this, I now understand the basics of cryptosystems and have gained hands-on experience performing attacks and designing secure systems,鈥� said Carson Swoveland, a junior in ECE.

鈥淭his competition was a fantastic opportunity to apply hardware attacks I had only read about in practice,鈥� says ECE master鈥檚 student Eliana Cohen. 鈥淚 learned a ton, and I鈥檓 excited to apply my experience as I begin my career.鈥�

Funding for this year鈥檚 team was made possible by several current and former CyLab Security and Privacy Institute partners: Amazon Web Services,聽AT&T, Cisco, Infineon, Nokia Bell Labs, Rolls Royce and Siemens.