We’ve seen a lot recently in the news with botnets that have been taking over DVRs and connected cameras. What we do is provide a service that keeps your home protected against bad stuff getting in, but also ensures that the things that are private and personal stay within the home and don’t go out where they shouldn’t be going.
Vulnerabilities in smart home products have been in the news more since they were used to attack the internet last October (the “largest attack of its kind in history,” according to experts). What’s the state of consumer awareness of this issue at the moment?
There are two classes of issues that we have today. One is, devices are infected and used to launch attacks on websites and services. As an average consumer, I’m probably not particularly happy if my internet-connected refrigerator is used as part of an attack network, but it doesn’t really affect me personally.
The attacks that do concern consumers are things like baby cameras being hacked, or alarm systems being turned off remotely. For example, we found a vulnerability in one brand of internet-connected alarm that we can hack into and turn on and off at will.
When it comes to cybersecurity, all of a sudden you’re going from concern about usernames and passwords being hacked, to concerns and risks about physical security. That line between physical and digital is becoming increasingly blurred, and there’s a lot of concern—I think it’s probably the number one impediment to the adoption of these products—it’s people saying “are they safe, are they secure, am I introducing risks into my home?”
Amazon Alexa is a breakout star of CES this year and people are talking about how integrated it is with all kinds of products and services. A few years ago, smart home products weren’t very connected with each other, and now that’s changing. How does this impact security?
It ups the ante for us. Alexa in theory only turns on when you say “Alexa,” but who knows really? It’s one of multiple products out there that are either always watching or always listening. So now, I’m concerned about things that happen in the privacy of my home getting out there in the public.
Interestingly, here in Las Vegas, the Wynn announced that they were putting Amazon Alexa in every room. They thought, great idea, people can say “Alexa, open the window” or “turn the lights on.” But people are going “wait a second, what happens in Vegas stays in Vegas? Now I’ve got something in my room listening, going who knows where?”
The other set of issues is that this is a device that can control anything in the home. Imagine a scenario where your PC is hacked, and the hacker uses its speaker to say, “Alexa, open the garage door.” “Alexa, turn off the alarm system.” It raises the set of potential issues that are out there from a security standpoint.
We’re not out there saying these attacks are going to happen, but ultimately, any device that’s connected to the internet is literally minutes away from being compromised. There are systems out there continuously scanning billions of IP addresses looking for vulnerable devices.
What we’re saying is, we can give you peace of mind and you don’t have to be a security expert or understand this stuff, we’ve got you covered.
What are the biggest threats now, and where do you see the solutions headed in the future?
We’re not concerned about the Amazons out there—it’s the millions of devices that are coming off the shelf and have some kind of vulnerability. These are very easy devices to hack, they contain vulnerabilities, and the manufacturers have little if any incentive to secure these devices—they’re optimizing around how do I get my product to market as quickly as possible, and how do I minimize the cost. So you’ve got these millions and billions of devices coming into the home, that are ultimately vulnerable.
If you think about where this goes longer term, we’ve had interest from major carriers who want to build this into their residential gateway. That may be where this goes, but I think at least over the next couple of years, you’re going to see independent, standalone security companies like us providing these solutions to consumers.