The Digabi project, run by the Matriculation Examination Board, crowdsourced the search for security issues by organising a hacking contest, the Hackabi, on 7 August-1 September 2013. Some twenty competition entries were submitted, most of them from Finland. Within one month, the operating system was downloaded about 1,750 times. The hacking contest proved
to be a good way to attract enthusiastic and skilful people from the field to work on a government IT project!
The hacking competition jury declared the winners today, on 8 October 2013. The winners, 1st Harry Sintonen, 2nd nickname deffi420, and 3rd Esko Järnfors and Jarmo Lahtiranta, will be awarded a smartphone or a tablet, according to their choices. The judges were impressed with the originality and scope of the submissions – the solutions held very high standards. The jury consisted of IT specialist Juhani Eronen (CERT-FI), chief research officer Mikko Hyppönen (FSecure Oyj), and senior security consultant Pekka Sillanpää (Nixu Oy).
The assignment was to hack into the first Linux-based test version of the matriculation exam from an operating system that had not undergone an extended security check. Several of the competitors had found a number of security issues in the operating system. Some of the weaknesses had to do with inadequate protection settings or flaws in the software distributed. We also received very creative solutions where the submitters had found security breaches ‘outside the box.’ One of these 'outside the box’ thinkers receives our honorary mention for sabotaging the exam by sending Morse code from the sound card.
The competition seems to have challenged the participants, since several of them would update their replies as the hacking contest progressed. The most versatile answer included almost twenty different vulnerabilities. As an indication of the hackers’ skills, let us mention that some participants had assessed and categorised their findings according to how critical they were, and some had even included suggestions on how to fix security vulnerabilities. There is a summary of all the entries on the competition website, digabi.fi/hackabi.
In the Hackabi competition, we looked for security issues and vulnerabilities in the Matriculation Examination Board’s operating system, so that we will be able to stop candidates
from using illegal software during the matriculation exam. With this OS, we could give all candidates the same exam experience when it comes to source material and available software.
The OS, designed to be booted from e.g. a USB drive to the candidates’ own devices, is still available for download and testing. It will be developed further on the basis of the feedback we have received. During autumn, the project will be touring with a presentation of the plans for exam arrangements. By the end of the year, the sections creating the exam questions will present their plans for what the digital exams will look like in each subject. The software to be used in the exam system will also be selected by the end of the year.