Silhouette of Hacker with Purple Lights
08 June 2020



Call for Security Researchers with Reverse Engineering Skills

Come Secure the Future of Hardware with Synack, DARPA and DDS



The Defense Advanced Research Projects Agency (DARPA) is now partnering with the Department of Defense’s Defense Digital Service (DDS) and Synack, the trusted crowdsourced security company, to tackle an advanced implementation of a novel security prototype developed through the DARPA System Security Integration Through Hardware (SSITH) program. SSITH’s mission is to develop hardware security architectures and associated design tools that will help to protect systems against classes of hardware vulnerabilities exploited through software.  As part of this effort, DARPA is working to make SSITH instances available for a hacking challenge to detect potential security vulnerabilities. This engagement is for the Finding Exploits to Thwart Tampering (FETT) Bug Bounty. Synack will be hosting a crowdsourced security engagement in coordination with DDS where we will invite vetted, ethical researchers to test DARPA’s implementation of SSITH. 

In the words of Defense Digital Service’s  Daniel Bardenstein, Digital Service Expert, “The FETT Bug Bounty is a unique opportunity for researchers to peer into what could be the future of hardware security. This assessment will test cutting-edge hardware implementations that are trying to eliminate some foundational vulnerabilities in modern computers, such as buffer overflows.” He further states, “We’re excited to kick off this bug bounty challenge with Synack and DARPA to further demonstrate the effectiveness of crowdsourced security.”



Electronic security is increasingly a priority in making hardware secure. Instead of addressing the root problem, organizations have relied on software development and integration to address some hardware vulnerabilities. They may deploy patches to the software applications that work temporarily, but creative researchers can work around the patch to exploit the hardware vulnerability. This is why DARPA has been working with SRI/Cambridge, MIT, University of Michigan, and Lockheed Martin to develop hardware security architectures and design tools to protect systems against specific types of hardware vulnerabilities.



Security researchers will be given access to emulated systems running on Amazon EC2 F1 instances. Each FPGA based emulated system will include a RISC-V processor core, modified to include hardware security protections developed under the SSITH program. The software stack on each emulated system will contain known vulnerabilities, with the SSITH hardware security protections intended to prevent exploitation of these vulnerabilities. Security researchers will be tasked with devising novel exploit mechanisms to bypass these hardware security protections. The emulated systems will be derived from a diverse set of processor variants, hardware security protection technologies, operating systems, and applications.

One of the vulnerable applications is a web-based voter registration system. Successful integration of the SSITH hardware protection technologies aims to protect the underlying voter information from manipulation or disclosure, even in the presence of vulnerabilities in the system software, demonstrating how SSITH technologies could help protect critical infrastructure, such as web-based voter registration systems.

“To ensure the hardware defenses in development on our SSITH program are hardened against potential attacks and that discoverable vulnerabilities are remedied, we have embarked on DARPA’s first bug bounty effort, FETT,” said DARPA program manager, Keith Rebello. “Synack’s platform and community of ethical hackers provide us with the resources needed to thoroughly test and vet our defenses. Working with Synack and DDS provides us with proven expertise and confidence in this effort’s success.”

This is such a unique program for researchers and if successful, the hardware will make some foundational computer security vulnerabilities obsolete. 



This is where the call to action comes to you: the security researcher. Synack, DARPA, and DDS seek to recruit the best reverse engineering talent possible to secure the future of hardware not just in the USA, but globally. Security researchers that are not currently Synack Red Team members will be provided an opportunity to earn a Technical Assessment ‘Fast Pass’ to join SRT (legal verification steps still required) by participating in a Capture the Flag event. Current SRT members that meet the skills criteria will be granted access to the program throughout the life of the engagement. The DARPA FETT Bug Bounty is scheduled to launch to the Synack Red Team in July 2020. If you are not an SRT currently, but you’d like to engage in the DARPA FETT Bug Bounty, you can register for the CTF register here. The CTF will run from June 15th to June 29th.