More connected devices are connecting with more databases and sharing more information than ever – and we’re just at the beginning of the data-gathering revolution that the Internet of Things will bring us. Unfortunately, according to security experts, Kaspersky Lab, that provides hackers with more opportunities to steal more data, especially from IoT devices that are essentially unprotected.
“The bond of trust between users and their devices can lead them to forget about security,” said Victor Yablokov, head of mobile product line at Kaspersky Lab.
“It’s hard to imagine that something we carry close to us at all times and turn to for everything could ever become a threat. But it can, and does happen. A digital friend can become a digital frenemy,” doing good for us while doing harm at the same time, he said.
“A failure to appreciate the potential risks and to protect our devices and information accordingly could mean the loss of confidential information, money and even our identities. Security is simply not an optional extra.”
To the rescue comes an Israeli start-up called Dojo Labs, which, with a stylish stone-like device, will monitor all data sent by anything connected to the Internet – smart TVs, smartphones, smart tablets, smart refrigerators, even smart water faucets – to determine whether they are sending out data in amounts or in ways that do not fit their profile.
Such activity, according to Dojo co-founder and CEO Yosi Atias, could be a signal that a hacker has taken control of a device and is using a device as a way to get into a network and steal sensitive data.
“A hacker isn’t necessarily interested in a specific device, like a connected refrigerator,” Atias told The Times of Israel. “But they may use it as a gateway to get into a network and steal data from a computer that is on the network, or even activate a camera or microphone and upload the video via their hack.”
In other words, a smart TV that a user thinks was turned off could be activated remotely by a hacker who breaks into the network via, for example, a connected weather station that downloads temperature and humidity information from the network, and is connected to a home heating system. If that smart TV is in the bedroom, a hacker could get hold of some very intimate footage by activating a webcam in a smart TV – with the victim clueless until they find out from YouTube that they are the stars of a porno.
Smartphones and other connected devices are more a part of life than ever, a study released last week by Kaspersky Lab said. Smart devices “are carried and used everywhere, including at work (52%), in a car (41%), on public transport (39%), in bed (58%) and even in the bathroom (29%).”
The relationship between users and their digital devices is often closer than between best friends, the report said – because how many people would allow even their closest friends with them into the bathroom?
But by bringing a connected tablet into the bathroom, bedroom, or anywhere else in the house, said Atias, users may be giving complete strangers access to their most private moments.
“Our Dojo device is a local intelligent unit which takes care of threat detection and prevention along sided with network management and control,” he said. “Dojo constantly analyzes all the network traffic within the home network and enforces the security policy of that specific network, while observing the behavior of specific connected devices.
“We check not the data itself, but how much of it is sent, where it is sent to, and the metadata on what kind of data is being sent. If your connected refrigerator is sending out video, for example, we detect that and alerts you with the Dojo ‘stone’ glowing in different colors,” said Atias, adding that the system also prevents attacks in the first place by monitoring suspicious incoming communication, and stopping it in its tracks.
In addition to checking suspicious behavior based on a profile of the device, he added, Dojo also compares its behavior with other ones of the same brand and/or type used by Dojo customers.
“We compare the behavior of your connected refrigerator, for example, not just based on what it usually does, but on what other connected refrigerators do as well,” said Atias. “Thus we can determine whether the security breach is a ‘local’ one due to a hack attack, or if there is security problem with the specific product that the factory needs to address.
The Dojo, which will cost $99, including a year of monitoring service, is set to be released next year. The system includes the Dojo device, a “pebble” that can be moved around the house to detect data leaks from smart devices (the Dojo does its monitoring via Bluetooth). Light rings on the pebble glow when there is activity on your network.
When an alert is issued, it shows up on the Dojo mobile app, allowing users to remotely turn off a device or block its communications. Data about network connectivity is uploaded to Dojo’s Intelligence Engine, which detects cyber threats and abnormal behavior through machine learning and proprietary algorithms, paired with Dojo-Labs’ cyber research.
While there are plenty of security solutions for computers, from firewalls to anti-virus programs, the need for those safety measures has not yet filtered down to the makers of smart devices, said Atias. “Many of these devices are made by consumer electronics firms that have not had to contend with cyber-security issues in the past, so it is going to take time for them to get used to this new world.
Until that happens, said Atias, Dojo can be the “adult in the room” that keeps an eye on digital “frenemies. Dojo knows when the TV is still recording your voice even if it’s off and when that data is being uploaded to the cloud,” he said. “We all lock our front doors and yet our devices are wide open. Our homes contain our most intimate data but the security of these things is an afterthought. We created Dojo as the first technology to help us safeguard our homes.”