Palitronica and CPI Student Hack-a-thon

Monday, January 30, 2023
students gathered around laptop

Palitronica logo


CPI logo

Student Hackathon Call for Applications

Palitronica and the Cybersecurity and Privacy Institute (CPI) are pleased to present this call for applications for UWaterloo Graduate and Undergraduate students to participate in an event that focuses on raising awareness of the threats and implications that ‘rubber ducky’ technology presents to the world around us.

Student teams of 2-3 people will be able to compete for prize money of $500 per person in a two-phase process that will involve:

  • presenting an initial plan that details how your team will engage with the technology in order to achieve the stated goals of raising awareness for rubber ducky technology and demonstrating its capabilities
  • 5 teams will be selected to continue to phase two, where they will be provided resources and lab space wherein they have 2 months to build their project and present it in a final event

This document will expand upon the technology in question and provide details on how to apply.

Problem Background:

The prevalence of easily obtainable devices that potentially allow remote hacking of any device that accepts USB equipment is a serious cybersecurity and privacy problem. Such devices, available for public purchase through online sales, allow for a host of malware to be installed on USB-enabled cables, thumb drives, headsets, keyboards, or similar devices which are difficult to detect until remotely or automatically triggered. Billed as an information security and penetration testing tool that looks and functions just like a regular USB-enabled device (interface, power, and data) when plugged into a host computer, these devices appear benign. However, within each device is either a minute Bluetooth component, which waits for a remote command, either from a smartphone or a Bluetooth remote control, or an automatically triggered component, which then delivers its harmful malware. An example of the significant impacts and level of threat from such devices and counterfeit technology may be found here.

Palitronica has identified this technology and similar threat platforms as a major cybersecurity and privacy threat to all levels of society, including national defence. Their response has been to create the Anvil technology platform, which enables the verification of the integrity of products before they are deployed to customers, facilitating the rapid detection of implants, modifications, and weaknesses introduced through manufacturing and sourcing. Anvil acts as a shield between counterfeit and potentially malicious products and their supply chains, preventing unsolicited modification to products and therefore elevating customer trust and confidence.

Palitronica, in conjunction with CPI, is proud to support a student hack-a-thon event that will provide students the opportunity to engage with these devices to explore, develop, and evaluate the potential threats. This event will challenge their abilities to implement them (i.e., create a hacking USB-enabled device and demonstrate the threat posed by tech) in a closed environment to gain awareness into the potential threats, disastrous consequences, and need for cybersecurity research, detection, and regulations.

Student Application Details:

            Students wishing to apply for this competition should email Contact CPI by February 15, 2023 with their:

  • Team Name
  • Team Members:
    • Names
    • Waterloo Program
    • UWaterloo email addresses
    • If you would like help to find or be allocated to a team, you may indicate this in your registration email

Competition Outline (details to be given upon registration)

    • Process:
      • Phase 1: Student teams will submit their written proposals (template given at registration) that outline their theoretical (on paper) project that will expand on the technology’s capabilities and impacts, we encourage students to research this technology and its scope before applying to this event. A project plan will detail a step-by-step outline of what the project intends to accomplish, including highlighting their intended demonstration goals or information points. This may include how they intend to adapt the technology to a different device, the consequences of uploading malicious content, or examples of potential attacks, for example.
      • CPI and Palitronica will evaluate the proposals and the top 5 teams will proceed to Phase 2.
        • Deadline: Feb 24, 2023
      • Phase 2: The top 5 teams will build their proposed project involving the ‘malicious’ USB-enabled device using their allocated budget (up to $300 per team). Palitronica will source the device and provide requested resources within this budget, with CPI directly managing these requests.
        • The hackathon will take place in April 2023
        • Presentation (template to be given) of their designed USB device and its potential threat
        • Demonstrate the tool’s hacking capabilities
        • The USB device will be tested by Palitronica’s technology (Anvil) under the supervision of Prof. Sebastian Fischmeister and CPI
        • At conclusion, students must return all materials provided (rubber ducky, etc.)
    • Teams:
      • Comprised of 2-3 students, from UWaterloo undergraduate and graduate studies
    • Awards:
      • Successful team wins $500 per person
    • Resources:
      • E5 Fabrication labs and tools (including soldering)
      • E7 Embedded Systems Lab (Prof. Sebastian Fischmeister’s lab)
      • CPI will purchase the USB equipment requested for each team (within budget)