Our Defensics R&D team put a couple of Synopsys tools to the test in the 5G Cyber Security Hackathon in Oulu, Finland, and placed in both of their competitions.
In late November 2019, Traficom (Finnish Transport and Communications Agency), together with Nokia, Ericsson, and the University of Oulu, invited the world’s top hackers to participate in the first 5G Cyber Security Hackathon in Oulu, Finland. Whoever found the most vulnerabilities in the building blocks of the competition’s 5G network would win.
As it happens, Oulu is home to Synopsys’ Defensics R&D team. With the Black Duck research team in Belfast, they make up part of our Cybersecurity Research Center (CyRC). CyRC works to accelerate access to information about the identification, severity, exploitation, and mitigation of software vulnerabilities, and about defenses against them. With the help of the Defensics fuzzing tool, the Oulu team discovered the Heartbleed vulnerability, among others, and continues to perform protocol-based research.
When the Defensics R&D group in Oulu heard about the competition, they formed a hackathon team, SIGKILL, with the aim of putting a couple of Synopsys products—with a few features still under development—to the test. They used Defensics, for fuzz testing, and Black Duck Binary Analysis, for software composition analysis, with the thought that using the two tools together was the best approach.
Defensics is a comprehensive fuzzing solution with support for almost 300 network protocols and file formats, including deep coverage of cellular network protocols and the 5G family. In fact, Defensics is the leading commercial 5G fuzzer. Synopsys also provides the Defensics SDK, which allows customers to use the Defensics framework to develop their own test suites. Defensics is an excellent tool for finding unknown vulnerabilities.
Black Duck Binary Analysis (BDBA) comes at vulnerability analysis from a different angle. It performs software composition analysis on binaries without the need for source code or any additional information. BDBA identifies open source components in software, as well as known vulnerabilities, licenses, and information leakage (e.g., user credentials, keys, email addresses, URLs) related to those components.
The 5G Cyber Security Hackathon started at 8 p.m. on Friday, Nov. 29, and continued for 24 hours. Traficom and the University of Oulu, says team member Pekka Oikarainen, “organized the perfect environment for the hackathon: a dark university filled with light from dozens of screens and futuristic music from several Bluetooth speakers. The hackers’ tables were covered with laptops and all sorts of technical equipment for finding vulnerabilities, some quite exotic.” Nokia, Ericsson, and the University of Oulu each hosted a different competition. SIGKILL chose to participate in two of the three.
After the competition, in authentic Finnish style, the team went on to enjoy a sauna, organized in beautiful Nallikari.
Pekka Oikarainen, software engineering manager at Synopsys, recalls the events after the hackathon: “I had enjoyed our hacking weekend very much, but staying up nights had taken its toll. So I decided to sleep through the announcement of winners Sunday morning. At 9:13 I woke to the sound of my phone. A message had arrived: ‘We won 3rd prize from the Ericsson track.’ My sleepiness went away instantly, and my heart was racing. At 9:14 I got another message: ‘We also won 3rd prize from Nokia.’ I couldn’t believe it! We’d won medals in both competitions! I couldn’t stay home any longer. I ran to my car and raced to the university to meet up with my colleagues and celebrate our bronze-medal wins.”
The SIGKILL team (from left to right): Miro Karvonen (sr. software engineer, expert in web security), Toni Hakanen (software engineer, expert in authentication, authorization, and access control), Pekka Oikarainen (software engineering manager, security specialist), Kari Hulkko (staff software engineer, expert in wireless technologies), and Jani Tuovila (sr. software engineer, security champion).
Synopsys would like to congratulate SIGKILL and our skilled Oulu team members for their achievements in this prestigious competition!