People increasingly are substituting ordinary household tools with Internet-connected alternatives. Where once you’d find an ordinary thermostat, you might now encounter the futuristic-looking Nest. Instead of an ordinary CCTV camera that records to tape, you might have one that allows you to monitor your household from your phone.
The convenience this offers has a pretty sizable downside, as in recent years, internet of things (IoT) devices have proven to be somewhat of a security achilles heel.
Many don’t receive security updates, and have troublingly insecure default settings. This has allowed adversaries to use malware like Mirai to bundle them into giant botnets, which are potent enough to attack the underlying foundations of the Internet.
In recent years, we’ve seen a lot of attempts to fix this sorry state of affairs. Some, like Google, have attempted to address the underlying software used by these IoT devices. Others, like the LA-based Cujo, are more interested in stopping threats at the network perimeter, and have built an IoT-oriented firewall.
One of the more interesting IoT security devices I’ve stumbled across is Akita, from Tel Aviv’s HighIoT. This is essentially a consumer-oriented intrusion protection system (IPS), which focuses primarily on IoT threats.
So, it’ll plug into an LAN port on your home router, and it’ll quietly sit in the background, listening in for compromised devices. When it detects one, it leaps into action and promptly kicks it off the network.
“HighIoT is a network layer agnostic,” explained HighIoT CTO Igor Rabinovich. This means it can monitor and protect devices running on a variety of protocols. This includes standalone devices floating about on your home WiFi connection, as well as others using Z-Wave, ZigBee, and ULE Dect.
In the case of devices that don’t adhere to one of the aforementioned popular IoT standards, Akita can still disconnect it by sending an instruction to the network router, which then steps in. If you’ve got a subscription with a managed services provider, it can also warn them, and let them know that they’ve got something to fix.
What’s especially interesting about Akita is how it addresses the problem of building solutions for the legion of IoT devices out there. For this, it’s employing the two of the most popular tech buzzwords du jour: blockchain and the gig economy.
For each device the company has identified and profiled, there exists a record on a blockchain database, using the IPFS protocol. Rabinovich explained that this is important, as the blockchain is an almost immutable storage medium, and therefore there’s less chance that an adversary could compromise the database by deleting or modifying records.
But this says nothing about how the profiles are created in the first place; just how they’re stored.
HighIoT hopes to create a legion of security experts and developers (which it calls “HighIoT Guardians”), who will dedicate their time and resources for building these profiles.
These workers are paid with a digital token. The more times a profile is used to protect an end user, the more tokens they’ll receive.
“By building the profiles, HighIoT is able to protect IoT devices using their service, and monitor for suspicious behavior,” said Rabinovich. He talked a little bit more about how these “Guardians” would be reimbursed for their services and expertise.
The HighIoT Guardians are rewarded with HIT tokens for every profile they build, and can continuously earn additional income every time HighIoT AI uses the IoT profile for the malware detection. Therefore, the more profiles a HighIoT Guardian can build, the more income they will receive. Blockchain smart contracts are used to ensure proper payment is being made for each income generating activity that occurs. The HighIoT Guardians can work remotely and in their own time and ensure that the payment will be made for their effort.
HighIoT raised over $900,000 on IndieGogo and Kickstarter to build the Akita device, and devices will soon be on their way to its 12,000 backers. The company also plans to flog its home-grown IPS system to punters through Amazon.
It’s worth stressing that IPS systems are nothing new, especially when it comes to physical computing. What makes Akita especially interesting is how it plans to go about this task. As far as I know, no company has used the gig economy business model in the highly sensitive world of information security.
Regardless of whether Akita takes off, it’s comforting to know that there’s a lot of interest in fixing IoT security once and for all.
No comments:
Post a Comment