DARPA Improv program, weaponizing the off-the-shelf electronics

The Defense Advanced Research Projects Agency is launching a new project dubbed Improv that aims to develop new techniques to hack into everyday technology.

The IoT paradigm is enlarging as never before our surface of attack, it is obvious that cyber criminals and nation-state hackers are looking at it with an increasing interest.

The US Military Defense Advanced Research Projects Agency (DARPA) is asking American geeks to develop new techniques to turn everyday IoT objects into cyber weapons.

The DARPA is launching a new project dubbed Improv that aims to develop new techniques to hack into everyday technology.

The DARPA’s intent it to involve researchers, industry vendors, and hobbyists in finding new attack vectors for embedded devices and consumer technology.

IoT technology is being wide adopted in various industries, including transportation, healthcare and home automation. DARPA is particularly interested in off-the-shelf technology that could be abused by malicious attackers to cause damage on a large scale.

The Improv project aims to discover new attack vector targeting “easily purchased, relatively benign technologies.”

“The Defense Advanced Research Projects Agency (DARPA) Improv program is soliciting innovative research proposals for prototype products and systems that have the potential to threaten current military operations, equipment, or personnel and are assembled primarily from commercially available technology.” reads the Synopsis of the Improv program.

“Improv will explore ways to combine or convert commercially available products such as off-the-shelf electronics, components created through rapid prototyping, and open-source code to cost-effectively create sophisticated military technologies and capabilities.” explained the program manager John Main.

“To bring a broad range of perspectives to bear, DARPA is inviting engineers, biologists, information technologists and others from the full spectrum of technical disciplines—including credentialed professionals and skilled hobbyists—to show how easily-accessed hardware, software, processes, and methods might be used to create products or systems that could pose a future threat. “

“Improv is being launched in recognition that strategic surprise can also come from more familiar technologies, adapted and applied in novel ways.”

In the first phase of the Improv program, DARPA will accept submissions from the public on possible attack techniques relying on easily-available technologies.

The DARPA will select most interesting projects that will be supported by the agency in various ways, including economic funding.

“DARPA will assess candidate ideas and offer varying levels of support to develop and test selected proposals. The emphasis will be on speed and economy, with the goal of propelling winning submissions from concept to simple working prototypes within about 90 days.” states the DARPA

The Improv will help the US Military to identify possible attack vectors of potential cyber threats, but many experts believe that the US Government is also thinking about new attack vectors to maintain it supremacy in the cyberspace.

“DARPA often looks at the world from the point of view of our potential adversaries to predict what they might do with available technology,” said Main.

“Historically we did this by pulling together a small group of technical experts, but the easy availability in today’s world of an enormous range of powerful technologies means that any group of experts only covers a small slice of the available possibilities.”

If you are interested in the project follow the special webinar issued by the DARPA on March 29 and 30.

Pierluigi Paganini

(Security Affairs – Improv program, DARPA)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.