Our recent smart home articles have revealed our readers’ preoccupation with security: people are worried about the risks inherent in adding connected devices throughout their home. We’ve written a bit about the security risks inherent in the IoT, but the conversations centered around a few of my own articles inspired me to seek out some experts to get more details on the risks of smart homes and what can be done about them.
A Surprisingly Small Market
When I set out to research this article, I immediately ran into an interesting problem: there aren’t many companies who are pushing smart home security solutions—and for a quickly growing market, this was quite surprising. Alongside a few Kickstarter campaigns, were a few anti-virus packages that offered some protection for smart devices, but not much else. Fortunately, as I kept looking, I came across a young company called Itus Networks.
Itus was founded by Jock Breitwieser and Daniel Ayoub, two guys who have years of experience in network security, mostly in the small-to-medium-sized enterprise (SME) world. When I spoke with them they told me that they moved into the consumer security industry when they saw a huge gap in the market; plenty of security options for SMEs existed, like enterprise-grade firewalls, but they were too expensive and complicated for home use, leaving most consumers with poor levels of protection.
Interestingly, they also told me that many of the big IoT security problems have been well-known in the security world for a long time (though myths still abound in the consumer sector), but no one had previously stepped up to do anything about them.
That’s worrying, isn’t it?
When I asked why these security flaws were so persistent, they gave me a simple economic explanation: in consumer electronics, “the name of the game is . . . really high volume and low margin.” Spending money on developing security isn’t a priority—it’s too expensive. In addition to that, Ayoub made the great points that security “is not [consumer electronics manufacturers’] core competency” and “is often something they do as an afterthought.” Security isn’t a priority, and that’s not likely to change.
Many people are currently relying on their routers to provide security, but Breitwieser warned against banking solely on router security:
[T]hey all have security as . . . one of the features that they list on the box . . . or they will have a checklist, and security is one of the checkboxes on there. And that’s not exactly a lie; it’s just a little bit of a stretch, because the technology that they rely on . . . is just completely outdated.
He went on to tell me that at a recent hacking conference, DefCon 22, there was a router hacking competition called SOHOpelessly Broken (SOHO refers to small office/home office devices) that sought to publicize the outdated and ineffective security that’s built into SOHO routers. Not a good sign.
Breitwieser and Ayoub also talked about how security updates from manufacturers are almost always of a reactive nature, and rarely of a proactive, preventative one, which means that hundreds of thousands, if not millions, of devices could already be infected before a patch is released. And with more and more devices going online, it’s getting harder for users to keep up with and implement those updates.
Sure, it’s easy to update your phone and your computer, but do you know how to update the firmware on your refrigerator? And Ayoub asks, “even if they do release a patch . . . what’s the likelihood that my 70-year-old mother is going to know how to update the firmware in her IP cam or in her router?”
After talking to the guys from Itus for a while, it was clear that the security situation for smart homes devices isn’t very good. In fact, it’s really bad. But it’s not just smart devices; it’s home networks in general. SMEs are getting more advanced protection than consumers, and the technology hasn’t been trickling down. Itus set out to change that.
Right now, Itus is working on the final stages of testing and quality assurance for the iGuardian, an inline intrusion prevention system. It’s a device that goes on the line between your modem and your router and inspects all of the traffic going in and out of your home. It makes comparisons to known malware, viruses, trojans, and other malicious traffic, and if it finds a match, it drops the offending traffic, whether it’s from your computer, phone, or smart appliances, and resets the connection.
By sitting between your modem and router, the iGuardian does what anti-virus software can’t: it stops bad stuff from hitting your devices. Anti-virus software can quarantine the suspicious files or code once it’s already on your machine, but it can’t prevent it from at least getting in the door. “[Inline intrusion prevention] is pretty much the best and only way to be able to mitigate a lot of those risks,” says Ayoub.
The Itus guys explained to me that most cybercrimes are crimes of opportunity; criminals cast a wide net to capture as much data as possible, and they’re unlikely to spend a lot of time trying to get through the defenses of a specific household. If it’s going to take them more time to get through a firewall or something like the iGuardian, it’s just not worth it. And if someone does take the time to attack, they’re going to find it difficult to deal with the iGuardian—without a lot of digging, it doesn’t even show up on an attacker’s computer. It doesn’t have an IP address, so it’s a very stealthy protection system.
It also makes it easy for Ayoub’s 70-year-old mother to stay protected: it’s plug-and-play, installs in five minutes, and updates automatically.
The biggest competition [for Itus and the iGuardian] is people who think they have nothing to protect.
Breitwieser cut right to the chase with that statement: everyone has things to protect, and everyone has things that they need to hide. It may not be a secret identity or a blackmail-worthy past, but just about everyone has logins, credit card information, health records, tax documents, and other valuable pieces of information on their computers, and these are the things that make hackers money.
We’ve talked before about how “I have nothing to hide” is a bad reason to not fight against internet surveillance, and it’s just as bad a reason to not protect your home network. And after talking with Jock Breitwieser and Daniel Ayoub of Itus Networks, it’s clear that anti-virus software and “secure” routers just aren’t going to cut it, especially in the age of the connected home. The iGuardian is filling a huge market gap, and it seems like a perfectly sensical, very effective way to go about it.
The iGuardian is currently available for pre-order for $149, and Itus hopes to ship it early next year.
Image credits: Home Electronic Devices via Shutterstock, Social network thief stealing money by reaching his hand picking up dollar banknote from wallet on screen of smart phone (edited) via Shutterstock.