Skip to main content

UC Irvine’s embedded security team came in 11th place globally out of 97 participating schools at the 2024 MITRE Embedded Capture the Flag (eCTF) competition. The annual, months-long competition requires teams to build and attack a secure embedded system. Teams consider not only system security but also the full-stack development process, leveraging skills in project management, documentation analysis, coding, math and algorithms, and embedded design.

“This year’s challenge was to build a secured medical system, called MISC, with an insulin pump containing two sensors and one processor,” says informatics major Jinyao Xu, the team’s senior algorithm engineer and 2024 project engineer. “We had to ensure all the medical functionality of the boards as well as ensure data privacy, secure communication and hardware security.”

The team of six included Xu and fellow UCI students Zhanhao Ruan, Yintong Luo, Richard Sima, Zuhair Taleb and Songhao Wang — all students in the Donald Bren School of Information and Computer Sciences (ICS).

Five students, one holding the insulin pump, one holding the sensors, and three holding up laptops showing their code and project poster.
Team members (from left) show off their project: Zuhair Taleb, Yintong Luo, Richard Sima, Zhanhao Ruan, and Jinyao Xu (Songhao Wang not pictured).

They divided the work into three subgroups focused on algorithm design, software design and hardware design. The team was selected to present their system at the final MITRE awards ceremony at the University of Massachusetts, Boston in April.

As outlined during their presentation, the team developed its own unique Mask-On Key-Exchange protocol that leverages a multi-party computing and block-cipher technique to ensure security. During the attack phase of the competition, the team compromised more than 12 schools and captured 45 flags — a record-breaking achievement for UCI.

“We are constantly looking for enthusiastic students to join us,” says Xu. “We’ll be forming a new team in the fall for the 2025 competition.” MITRE will announce the challenge in January, and teams will then spend 7-8 weeks building a secure system from scratch before moving into the attack phase. Xu says team members can expect to learn about software engineering, embedded system design, and algorithm analysis.

“This well-rounded learning experience can help students prepare for a job in industry or for research in academia,” says Xu. “In addition, students will finish a Github industry-level project, which can significantly enhance their resume.” During the winter quarter, students can receive CS199 course credit from Computer Science Professor Ian Harris, who advises the team. For more information, contact Xu at

Promotional flyer for the eCTF Team BugEaters. Recruitment contact:

Shani Murray