Having acquired Dojo-Labs in 2016, BullGuard is now ready to release the finished product in 2017
This year, smart home market revenue in the US is expected to surpass $10.4 billion and reach almost a third of all homes, before doubling in 2021. With that expansion of the internet of things (IoT), a whole host of new privacy and device management challenges will arise. The UK-based BullGuard aims to meet those challenges with a new product, Dojo, that will help users secure and manage those devices, whether they’re baby-cams, appliances, virtual assistants, lights, or locks.
Looking like little more than a banded, decorative rock, BullGuard debuted Dojo at CES this month and will be ready to launch on April 1, then start shipping to the US in mid-April 2017, which will mark a major overseas market expansion for both BullGuard and the people who came up with the concept: Dojo-Labs.
BullGuard acquired the Israeli startup Dojo-Labs last August, bringing into its fold Dojo-Labs CEO Yossi Atias and the eponymous smart home security management device, Dojo. Atias, who is now the General Manager for IoT Security at BullGuard, spoke with Geektime about the company’s long-awaited release of the hardware (and its accompanying app) and the state of IoT security.
“2016 was a testing time in terms of online security,” he says, and the hackers who made biggest splashes “are after specific devices or vendors. The nature of the attacks are not targeted attacks, but rather opportunity-based.” The Mirai botnet composed mainly of cameras and DVRs that took down Dyn last year, then, was not much of a surprise from a technical or organizational standpoint, even if its impact took internet users by surprise.
BullGuard is ready for Mirai in the next round, though, as Dojo will “detect a Mirai attack or execution immediately through real-time monitoring of all the connected devices,” and even if the device has already been infected, Dojo can do damage control to limit the impact.
With 6.4 billion IoT devices in use worldwide at the end of 2016, that’s a lot of things to keep safe.
What users can do ahead of time to mitigate that threat, besides having their Dojo set up already, is to update their firmware. But, sometimes that option is available and the underlying architecture is still vulnerable, hardly ideal, meaning that there needs to be some kind of intermediary setup until OEMs catch up with the threat. Management platforms will still be necessary even then, though, and will hopefully have acclimated users to the need to demand such security settings and accept the added steps in their routine as necessary.
Since people reasonably expect these devices to make their daily routines easier, though, Dojo has been built with a non-techie user base in mind: “It does not require any prior knowledge in networking or security,” according to Atias, and the app “alerts and guides the user via an intuitive chat interface.” When faced with a threat like Mirai, it takes blocking actions automatically, without needing to be micromanaged by its owner. The Dojo Intelligence cyber security engine “has a view and knowledge of all the devices under its service (not just user by user),” so it can “implement meaningful behavioral analysis and anomaly detection techniques focused on detecting security and privacy breaches.”
This is necessary because there are many different ways to compromise IoT devices, and also many different reasons why attackers want to do so, whether it is to seize the device for DDoS or actual use its sensors and access to personal information for identity theft or invasions of privacy. “Some exploits are used directly against specific devices,” notes Atias, “however some are used just as a tool to compromise other devices that contains sensitive and personal data.”
“From refrigerators to pacemakers to baby monitor cameras,” as well as “Wi-Fi routers, medical devices and connected toys,” BullGuard has seen it all in this regard and yet “the holistic view is still missing.” It is difficult to make security headway when the products are generally meant to be built, sold, and operated as cheaply, quickly, and easily as possible. And as we’ve reported before, the sheer profusion of IoT manufacturers and uses means that new entrants lack experience with device security and don’t have industry-wide standards and methods.
As Atias notes, “most OEM don’t want to publicly discuss the security flaws within their products.” (It isn’t that the smartphone makers want to either, of course, but years of facing common problems and embarrassing PR over failures have helped circle the wagons together when confronting threats.) So, while, “Some use modern techniques,” instead, “the majority are still not paying enough attention to security.”