When 88 elite hackers join forces, you know the security of the technology is being put to the test.
Dec. 12, 2023
Chris Holt, Bug Bounty, Intel
“I’m so confident in how we look for potential vulnerabilities and the critical response to any identified that I would put the power of our product security assurance up against our direct competitors.”
Pat Gelsinger, LinkedIn Blog
Malicious hackers are costing companies trillions of dollars every year, according to statista. In 2023, the cost was estimated at $8 Trillion USD with estimates exploding over the next five years to nearly $14 Trillion USD by 2028.
With Intel technologies in every industry and around the world, every step we take to improve our product security is aimed at reducing opportunities for attacks for our customers. Employing the power of the ethical hacker community—on top of internal security tests and hacking activities—takes our security to the next level.
Under the Intel® Bug Bounty Program, Project Circuit Breaker is tasked with building a community of ethical hackers around Intel technologies and creating live hacking events that bring that community together with Intel engineers to collaborate on hunting bugs.
The latest challenge, named Knights of Elektron, invited 88 elite hackers to target Intel’s latest Software-as-a-Service (SaaS) product.
The challenge kicked-off virtually where the group was trained on the technology, scope of the event, and rules for the bug hunt. Then, hackers from around the world flew into Lisbon; some even self-funded the trip for the value they saw in the opportunity to network, learn, and share their expertise. For 16 days in total, the community scoured the software for bugs.
“Running with Intel as a target was, in this case, extremely challenging.”
Frans Rosén, Security Researcher
“The pressure is definitely there. It’s a pretty small application. There’s a lot of hackers and it’s a very challenging concept.”
Justin Gardner, Security Researcher
By the end of the event, we had received 428 submissions encompassing 75 unique vulnerabilities. Those findings allow us to focus on the issues where we can improve product security, making the product more resilient to attacks.
The hackers were able to work in teams or independently and the event included a show-and-tell so they could learn from each other. This is one of the incredible benefits of programs like ours—we’re able to help the community grow and improve and, in turn, they find better bugs that help us continue to improve our product security.
In the end, our customers benefit from more resilient products and the community of ethical hackers gets better at finding complex and novel threats.
“The experience of learning the technology that we’re getting now is going to pay off in the next event and the next time we interact with this service.”
Garret Adler, Security Researcher
Knights of Elektron: watch the video!
Other products that have gone through Project Circuit Breaker include: Intel® 11th Gen Intel Core processors, codenamed Tiger Lake, Intel 12th Gen Core processors, codenamed Alder Lake, Intel® Software Guard Extensions, and Intel® Trust Domain Extensions (Intel TDX).
If you’re interested in joining the community of hackers, check out www.projectcircuitbreaker.com.
Join the conversation on X with @IntelSecurity (Knights of Elektron)
Find me on LinkedIn and let me know what you think: @ChrisHolt
Security Researchers live hacking at Knights of Elektron
See previous article from Chris:
Cybersecurity: 5 Trends That Will Transform The Company/Hacker Relationship in 2024
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.