Carnegie Mellon’s hacking team wins MITRE eCTF Cybersecurity Competition

Carnegie Mellon University’s (CMU) hacking team, the Plaid Parliament of Pwning (PPP), defeated 79 other collegiate-level teams, defending its title at the 2023 MITRE Embedded Capture-the-Flag (eCTF) cybersecurity competition.

PPP’s win came in a landslide, scoring over 10,000 more points than any other team competing in this year’s event. Notably, PPP finished ahead of hackers from the University of California, Santa Cruz (2^nd place), and the University of Illinois Urbana-Champaign (3^rd place).

Over the course of three months, teams worked to design and implement a key fob system for a car door lock, protecting their car from unauthorized entry and preventing attacks such as replays and key fob cloning. The annual competition saw teams from the United States and around the world, with a record-breaking 546 participants.

“Our team has strong expertise in both embedded development and attacks,” says Maverick Woo, a project scientist at CMU’s CyLab Security and Privacy Institute and one of the team’s faculty advisors. “Our students worked hard and were committed, and they were able to organize themselves to take advantage of the large team size.”

eCTF competitions are unique from other Capture-the-Flag competitions because they focus on embedded systems security. Students not only defend against traditional cybersecurity attack vectors but also need to consider hardware-based attacks such as side-channel attacks, fault injection attacks, and hardware modification attacks.

“These competitions offer students a unique opportunity to combine the knowledge and skill sets obtained in various cybersecurity, computer science, and computer engineering classes and apply them to real-world situations,” says CMU Information Networking Institute Assistant Teaching Professor Hanan Hibshi. “Over the years, alumni have shared how these experiences impacted their careers and their understanding of the concepts we discuss in class.”

“Before competing in eCTFs, I had almost no security experience. Thanks to competitions like this, I now understand the basics of cryptosystems and have gained hands-on experience performing attacks and designing secure systems,” says Carson Swoveland, a junior in CMU’s Electrical and Computer Engineering Department.

Carnegie Mellon’s elite hacking team first formed in 2009 and has since won many prestigious cybersecurity competitions. In August 2022, PPP won its 6^th DEF CON Capture-the-Flag, the most by any team in the competition’s 27-year history.

The 2023 MITRE eCTF victory builds on CMU’s prowess in cybersecurity, a strength shared with the rising generation through the University’s picoCTF, a free and robust computer security education program that hosts the world’s largest student-focused hacking competition.

###

About the College of Engineering:

The College of Engineering at Carnegie Mellon University is a top-ranked engineering college known for its Advanced Collaboration culture in research and education. The College is well-known for working on problems of both scientific and practical importance. Our “maker” culture is ingrained in all that we do, leading to novel approaches and transformative results. Our acclaimed faculty have a focus on innovation management and engineering to yield transformative results that will drive the intellectual and economic vitality of our community, nation, and world.

About Carnegie Mellon University: Carnegie Mellon, cmu.edu, is a private, internationally ranked research university with acclaimed programs spanning the sciences, engineering, technology, business, public policy, humanities, and the arts. Our diverse community of scholars, researchers, creators, and innovators is driven to make real-world impacts that benefit people across the globe. With a bold, interdisciplinary, and entrepreneurial approach, we do the work that matters.