IoT devices are becoming more popular in homes, and so too are reports of these devices’ security vulnerabilities. The latest concerning example is the hack of the Amazon Echo, the smart speaker capable of voice interaction, music playback, making to-do lists, setting alarms, streaming podcasts, and more.
The hack, which works by gaining root access to a vulnerable Echo and adding commands that secretly capture the raw microphone input and send it to an attacker-controlled computer, shows just how vulnerable consumers can be in the privacy of their own homes. Moreover, it highlights the need for consumers to remain vigilant about the products they install, and for IoT developers to perform more rigorous security assessments of the smart devices they develop.
It’s clear from the Amazon Echo hack, as well as from past IoT security incidents such as Stuxnet and the Target data breach, that all the network and perimeter-based security mechanisms in the world are no match for human error (i.e. phishing) or “evil-maid” attacks, in which a device is compromised by someone who has physical access to it. Devices need an additional layer of security that monitors behaviors inside the device.
Enter Trustlook SECUREai IoT – The Guard Inside the Castle
Trustlook SECUREai IoT revolutionizes IoT security with a custom, embeddable engine built on artificial intelligence. SECUREai IoT is a device-behavior-based solution that detects threats that existing perimeter and network-based products fail to stop. SECUREai IoT works at the device level, so it protects an IoT device from the inside. Its device driver monitors hundreds of system calls and network resources to detect anomalies.
The solution assumes that an attacker already has root access, and monitors the device behavior that happens after root access. Because “root” is the starting point, SECUREai IoT can catch malicious activity that has made it past other forms of protection.
In the case of the Amazon Echo hack, SECUREai IoT would have quickly identified the raw microphone data streamed over TCP/IP to a remote service. Its fine-grained, kernel-level monitoring of system calls, network resources and device resources can distinguish normal from abnormal operating behavior.