The line between physical and digital is becoming increasingly blurred, and there’s a lot of concern.
Paul Lipman is CEO of BullGuard, an internet security company that has recently become focused on security for smart home products. In August, BullGuard acquired Dojo Labs, which makes a pebble-like security device that glows green, yellow or red depending on the current threat level toward connected products.
As many connected home products are managed together through software platforms such as Apple HomeKit and Amazon Alexa, smart homes are becoming even smarter, but also vulnerable in new ways. Dojo gathers information about vulnerable devices from across its security network, and regularly updates its software in response—essentially a crowdsourced security platform for the smart home.
We spoke with Paul Lipman at CES about the challenges for online security in an Internet of Things age.
Tell me a bit about your company and what brings you to CES?
We’re a security company, 100% focused on consumers. Historically, we had been doing endpoint security, so antivirus for PCs, Macs and smartphones. Back in August, we acquired Dojo, and they are the leader in cybersecurity for the connected home.
We believe that this connected home security area is the next mammoth growth area within consumer security. If you have a PC, you have to run some kind of antivirus—and equally well, if you’re buying any of these smart home devices and plugging them into your home network, you need to have some form of protection.
As you walk around at CES and you see these multitude of devices that connect to your home network—connected locks, garage door openers, cameras, the Amazon Alexa, you name it—all of these devices are essentially small computers, and they all have vulnerabilities and the potential to be hacked.
We’ve seen a lot recently in the news with botnets that have been taking over DVRs and connected cameras. What we do is provide a service that keeps your home protected against bad stuff getting in, but also ensures that the things that are private and personal stay within the home and don’t go out where they shouldn’t be going.
Vulnerabilities in smart home products have been in the news more since they were used to attack the internet last October (the “largest attack of its kind in history,” according to experts). What’s the state of consumer awareness of this issue at the moment?
There are two classes of issues that we have today. One is, devices are infected and used to launch attacks on websites and services. As an average consumer, I’m probably not particularly happy if my internet-connected refrigerator is used as part of an attack network, but it doesn’t really affect me personally.
The attacks that do concern consumers are things like baby cameras being hacked, or alarm systems being turned off remotely. For example, we found a vulnerability in one brand of internet-connected alarm that we can hack into and turn on and off at will.
When it comes to cybersecurity, all of a sudden you’re going from concern about usernames and passwords being hacked, to concerns and risks about physical security. That line between physical and digital is becoming increasingly blurred, and there’s a lot of concern—I think it’s probably the number one impediment to the adoption of these products—it’s people saying “are they safe, are they secure, am I introducing risks into my home?”
Amazon Alexa is a breakout star of CES this year and people are talking about how integrated it is with all kinds of products and services. A few years ago, smart home products weren’t very connected with each other, and now that’s changing. How does this impact security?
It ups the ante for us. Alexa in theory only turns on when you say “Alexa,” but who knows really? It’s one of multiple products out there that are either always watching or always listening. So now, I’m concerned about things that happen in the privacy of my home getting out there in the public.
Interestingly, here in Las Vegas, the Wynn announced that they were putting Amazon Alexa in every room. They thought, great idea, people can say “Alexa, open the window” or “turn the lights on.” But people are going “wait a second, what happens in Vegas stays in Vegas? Now I’ve got something in my room listening, going who knows where?”
The other set of issues is that this is a device that can control anything in the home. Imagine a scenario where your PC is hacked, and the hacker uses its speaker to say, “Alexa, open the garage door.” “Alexa, turn off the alarm system.” It raises the set of potential issues that are out there from a security standpoint.
We’re not out there saying these attacks are going to happen, but ultimately, any device that’s connected to the internet is literally minutes away from being compromised. There are systems out there continuously scanning billions of IP addresses looking for vulnerable devices.
What we’re saying is, we can give you peace of mind and you don’t have to be a security expert or understand this stuff, we’ve got you covered.
What are the biggest threats now, and where do you see the solutions headed in the future?
We’re not concerned about the Amazons out there—it’s the millions of devices that are coming off the shelf and have some kind of vulnerability. These are very easy devices to hack, they contain vulnerabilities, and the manufacturers have little if any incentive to secure these devices—they’re optimizing around how do I get my product to market as quickly as possible, and how do I minimize the cost. So you’ve got these millions and billions of devices coming into the home, that are ultimately vulnerable.
If you think about where this goes longer term, we’ve had interest from major carriers who want to build this into their residential gateway. That may be where this goes, but I think at least over the next couple of years, you’re going to see independent, standalone security companies like us providing these solutions to consumers.