Podcast host John Koetsier sat down for an interview with Cujo AI VP Marcio Avillez to discuss the problem of smart device and IoT security and what we can do about it using AI technologies.
Can AI help prevent distributed denial of service (DDoS) attacks and improve smart home security? Cujo AI says yes. The company recently inked a deal with Comcast to shield almost 20 million households from malware and spyware — and perhaps just as importantly, to protect the rest of the internet from insecure IoT devices on those homes’ local networks.
How? By using machine learning on huge amounts of network data to build a graph of normal device traffic and tracking anomalies that could indicate hackers recruiting smart devices for botnets or other nefarious purposes.
“We’re seeing IP cameras, network-attached storage, devices that have a little bit more CPU, a little bit more memory, that become kind of very useful tools for hackers to do the kinds of things that they want to do,” Cujo vice president Marcio Avillez said. “At some point, you’ve seen enough, and you say, ‘Okay, I know how that device behaves when it’s functioning normally on the network … I know what good looks like. By definition, any deviation from good is going to be bad.'”
Though some DDoS attacks, like one that nearly took down GitHub a couple of years ago, are server-based, many are not. The infamous Mirai botnet used internet-connected cameras and home routers to launch attacks on websites and internet service providers. This was a case of weak consumer security threatening internet infrastructure and enterprise networks.
Chipmaker Arm has attempted to fix this issue via certification, while Microsoft has concentrated on building a custom Linux kernel that is more resistant to attack. Cujo AI, however, is focusing on the layer that connects the smart home to the internet: the internet service provider.
Anyone who has been to the annual Consumer Electronics Show (CES) knows that thousands of new devices appear every year. Most of them disappear almost as quickly, and there’s little to no way to certify how they were made, what code runs on them, and what precautions your average non-technical person should take before installing them on their home networks.
“There was a manufacturer that created a network-attached storage device, and the way they implemented remote access into the device was leaving ports open and UPnP,” Avillez said, referring to the Universal Plug and Play connection standard. “Every single hacker in the world knows about this and is taking advantage of it.”
And it doesn’t take much to sour a network. Just one vulnerable device in one home out of 10,000 is enough to seriously ruin a network operator’s day — or build a significant botnet army.
“We’re in this looking at a half a billion devices or so,” Avillez said. “What we found is despite there being … close to 20 million homes, there were about 50,000 of these devices that were driving 70% of the threat volume that we were detecting.”
Why is AI so useful in identifying and protecting against that threat volume? The not-yet-known, the unclassified threats tend to be the most dangerous. “Sixty percent of the threats are things that we leverage some of the core traditional technology to identify … IP reputation lists [and] known bad websites,” Avillez said. “About 40% of the threats right now are … not going to be on a list.”
You can subscribe to The AI Show podcast here.