At the Hacker Oscars: An Award for Junk Hacking

The Pwnie Awards will include a category for Junk Hacking this year, as organizers search for inspiring hacks of mundane objects.
The Pwnie Awards will include a category for Junk Hacking this year, as organizers search for inspiring hacks of mundane objects.

In-brief: The hacker community’s Oscars, The Pwnie Awards, will include a category for Junk Hacking this year, as organizers search for inspiring hacks of mundane objects.

In a sign that hacking connected “things” is joining the mainstream of the information security awards, The Pwnies, a long-running awards ceremony that is the hacker community’s equivalent of The Oscars (or at least The People’s Choice Awards) is adding an award for “Junk Hacking” to its 2016 roster.

The awards, which are handed out at the annual Black Hat Briefings conference in Las Vegas in August, added a “Pwnie for Best Junk Hack” to its list of new awards. But in a nod to the security industry’s penchant for stunt hacking and the technology industry’s penchant for unwarranted complexity, the award will be given to researchers who “discovered and performed the most needlessly sophisticated attack against the most needlessly Internet-enabled ‘Thing.'”

The Best Junk Hack category is among a slew of new award categories that are being added this year, the 10th year that the Pwnie Awards have been held. Among other new categories that are being added are Pwnies for the “Best Cryptographic Attack,” the “Best Backdoor,” and the closely related “Best Stunt Hack,” awarded to “the researchers, their PR team, and participating journalists for the best, most high-profile, and fear-inducing public spectacle that resulted in the most panic-stricken phone calls from our less-technical friends and family members.”

Justine Bone is one of a host of security luminaries who judge the Pwnie Awards each year.
Justine Bone is one of a host of security luminaries who judge the Pwnie Awards each year.

The awards have always mixed high praise with heaping doses of humility for an industry that is often in danger of taking itself too seriously. Categories range from Most Innovative Research to “Most Over-hyped Bug” and “Most Epic Fail.”

Justine Bone, Chief Technology Officer at the firm Vult.com, said that combination applies to the Junk Hacking category. The Internet of Things has only amped the silliness, giving an IP address to everything from kitchen appliances to tooth brushes to stuffed animals.  

Despite all the silliness, however, Bone said that the community can learn from efforts to compromise connected stuff, which can still inspire subtle and creative hacks that have wider applications. “It may be that there’s some exploit in your connected toothbrush that could also be used against a home security system,” she said.

The Pwnie for Junk Hacking tries to walk that line: looking for the sublime in the midst of the ordinary…or even stupid, Bone said.

Anyone can nominate a recipient for a Pawnie using the organization’s web site. Judges include information security nobility: Ms. Bone, noted vehicle hackers Charlie Miller and Chris Valasek, Dino Dai Zovi and David Aitel of Immunity Security, among others. The deadline for submitting nominations is July 1. Nominees will be announced July 3 and the awards ceremony will take place alongside BlackHat USA in Las Vegas on August 3.

One Comment

  1. The Pwnies, a long-running awards ceremony that is the hacker community’s equivalent of The Oscars (or at least The People’s Choice Awards) is adding an award for “Junk Hacking” to its 2016 roster… [I]n a nod to the security industry’s penchant for stunt hacking and the technology industry’s penchant for unwarranted complexity, the award will be given to researchers who “discovered and performed the most needlessly sophisticated attack against the most needlessly Internet-enabled ‘Thing.'”

    Among other new categories that are being added are Pwnies for the “Best Cryptography Attack,” the “Best Backdoor,” and the closely related “Best Stunt Hack,” awarded to “the researchers, their PR team, and participating journalists for the best, most high-profile, and fear-inducing public spectacle that resulted in the most panic-stricken phone calls from our less-technical friends and family members”… Anyone can nominate a recipient for a Pwnie using the organization(TM)s web site.Though the award targets pointless products on the Internet of Things, one judge points out that “It may be that there’s some exploit in your connected toothbrush that could also be used against a home security system…”