This awesome Robot Hacker known as Mayhem can hack any programming code
The future world truly belongs to AI, robots and machine learning. We have known about botnets and robots, but now comes Mayhem, a software program that can hack any code. According to its developers, Mayhem is meant to be the best option for automatically defending against cyber attacks and will very soon be launched in the real world to fix the internet.
For those unfamiliar, Mayhem won a $2 million hacking prize at the Cyber Grand Challenge held at the DefCon hacker conference in Las Vegas last year. The event was staged by the Pentagon’s Defense Advanced Research Projects Agency (DARPA) to create AI-based autonomous cyber security systems that can patch themselves, watch for intrusions and hack other systems, all with minimal human interaction. Mayhem was developed by security startup ForAllSecure, co-founded by Carnegie Mellon professor David Brumley and two of his PhD students.
Now, Mayhem is beginning to test its hacking skills in the real world. The company has started adapting Mayhem to automatically find and patch flaws in certain kinds of commercial software, including that of internet devices such as routers.
To find out whether Mayhem can help companies recognize and fix vulnerabilities in their products more swiftly and broadly, the company is carrying out tests with unidentified partners, along with an internet device manufacturer. The main focus is on solving the problem faced by firms that must invest considerable resources in supporting years of past products with security updates.
Late last year, websites such as Reddit and Twitter were taken down by hackers who used a huge botnet of compromised internet devices such as cameras.
“Now when a machine is compromised it takes days or weeks for someone to notice and then days or weeks—or never—until a patch is put out,” says Brumley. “Imagine a world where the first time a hacker exploits a vulnerability he can only exploit one machine and then it’s patched.”
Last year, Brumley published results from feeding almost 2,000 router firmware images through some of the techniques that powered Mayhem. Over 40 percent, representing 89 different products, had at least one vulnerability. The software found 14 previously undiscovered vulnerabilities affecting 69 different software builds. ForAllSecure is also working with the Department of Defense on ideas for how to put Mayhem to real world use finding and fixing vulnerabilities.
While acknowledging that the practical use of techniques from the DARPA bot battle is important, Giovanni Vigna, a professor at the University of California, Santa Barbara, also said that the vision of automated hackers cleaning up all the world’s security vulnerabilities is improbable. He believes that the work done by the bot would still need to be rechecked by humans.
“Say you’re a router company. These guys won’t want to deploy a patch that has no quality assurance and could take all their devices offline,” he says. Vigna led the team whose MechanicalPhish software came in third in the DARPA contest last summer. The software has been released as open source for others to experiment with.
Brumley accepts that problem, as several people, including even some in the U.S. government, choose to have a “human in the loop” rather than allowing automated software to run the show, he says.
“I’m not against that, but I feel that it slows down the process,” says Brumley. He’s hopeful that as autonomous hackers and fixers prove their worth, they will be allowed to work with less human supervision.
Source: Technology Review