You might delay it, but you can’t stop it. The age of Internet of Things (IoT), where anything and everything becomes a computer connected to the internet, is approaching at an accelerating pace. By many accounts, it’s already here. In the foreseeable future, you’ll be hard-pressed to find a home appliance that isn’t connected to the internet.
While these smart appliances will enhance your home with their interesting (and sometimes useless) features, they will also trail along a host of vulnerabilities and security issues that can do more damage than good. In the past year, the abysmal state of insecurity in IoT devices has caused concern among experts, lawmakers and government officials.
Eventually, gone will be the days where all you had to do was to install and update antivirus software on your computer to secure your home network. Soon, your home will be loaded with dozens of computers, each ready to be hacked and used against you and others.
Several cybersecurity companies have risen to the challenge of securing smart homes, where security resources are scarce and threats aplenty. One of these companies is Dojo Labs, an Israeli startup acquired by UK security firm Bullguard last year. Dojo is one of a handful of companies that offer smart firewalls, a new breed of home network security solutions that specialize in protecting connected devices against the many cyber threats that lurk out there.
I recently had a chance to test-drive Dojo’s namesake smart firewall, a device that looks like a round, glowing rock. Here’s what you need to know about how the Dojo’s security model works.
Establishing a secure perimeter
The Dojo connects to your home router and acts as a gatekeeper for your network’s incoming and outgoing traffic, along with the communications inside your network. All of your devices, including your laptop, printer, smart fridge, toaster, lights, etc. go through Dojo when connecting to the internet.
An accompanying mobile app, available on both iOS and Android, is Dojo’s control center. In it you can see a profile of all your home network’s connected devices and a log of the events that have taken place in your network. The Dojo app enables you to monitor and control your home network remotely, no matter where you are. In fact, to test the Dojo, I connected to a Dojo that was located in a test lab located thousands of miles away.
The device itself glows in three colors, green, orange and red, respectively representing “safe,” “threat blocked” and “action required.” The same status is displayed in the app.
The Dojo is backed by a cloud service that is kept up to date with the latest threat indicators, IoT device specifications and behavior schemes, and more. The device combines its own processing power with the cloud to secure your home network.
Knowing the hidden threats to your smart home
When assessing the efficacy of Dojo, I wanted to see how it measured against both visible and hidden threats. What I mean by visible threats are incidents with tangible results, such as a smart thermostat that goes rogue and remains locked on a high temperature, or a smart lock that can be hacked through a WiFi connection.
Those threats should be taken and dealt with seriously, but what I was more interested in were the threats that go unnoticed. For instance, your baby monitor might be leaking its video feed without you ever finding out, or your devices might have fallen prey to a botnet and become instrumental to a massive DDoS attack like the one that caused a massive internet blackout last year.
How Dojo handles threats
To see how the Dojo deals with security incidents, I tried connecting to a blacklisted domain through an Ubuntu workstation that was in the Dojo network. I was redirected to a page that bore the Dojo logo and warned against visiting the website. Meanwhile, the Dojo app warned me about the incident.
Per se, this isn’t impressive. After all, if you’ve got a decent endpoint security solution installed on your computer, it’ll probably be as effective as the Dojo in preventing you from accessing malicious domains.
However, remember that the same process happens for all the devices in your network, including those that don’t have the means to protect themselves. As opposed to a browser, which is actively controlled by a user, most smart home appliances silently connect to the internet without any human intervention (after all, that’s why they’re supposed to be smart). Most of them are headless, which means they don’t have a display or proper input devices, and have limited remote administration capabilities through mobile apps or web portals.
More importantly though, these devices seldom have the resources or capability to run on-device security tools. So, for instance, if your home computer is infected with a trojan malware which is exfiltrating your data to a remote server, your antivirus might detect and block it. But if the same happens to an IoT device, say a smart fridge or a smart door lock, it’ll have no means to protect itself.
This is where Dojo comes into play, intercepting the incoming and outgoing traffic of those devices and preventing them from communicating with a malicious server.
In another test, we tried to simulate a command-and-control (C&C) server trying to access a device that was infected with the Mirai botnet. Dojo turned orange and blocked the attempt, notifying me of the botnet breach attempt.
Traffic to malicious domains isn’t the only way that your devices might manifest harmful behavior. That’s why Dojo uses a multitude of techniques to protect you against threats.
In another test, we intentionally opened a remotely accessible port on an IP camera in the home network. This is something that can happen often, either intentionally or out of negligence. Finding cameras with open ports is as easy as running a query in Shodan, the search engine for connected devices.
When I tried to connect to the camera from a device that was outside the home network, Dojo turned red and suspended the connection as a suspicious attempt. It then notified me through the app that someone was trying to access my network from outside and disclosed the location, and prompted me to block the connection or permit it. If it is a legitimate access I can permit it and continue working. If not, I can block it. What I liked about this functionality was that it was effectively acting as a two-factor authentication method for devices that are meant to be managed remotely.
While looking for things your devices shouldn’t do, Dojo also finds threats by making sure your devices are only doing the things they’re supposed to do. The Dojo cloud has a behavior profile of all known IoT devices. This means that when a new gadget enters your home network, it already has an idea of what its traffic should look like. This is one of the benefits of IoT devices. As opposed to generic computing devices such as laptops and smartphones, IoT devices perform a narrow set of functions, making their behavior predictable.
If an IoT device becomes compromised and acts in a manner that deviates from the baseline behavior, Dojo will detect it and warn you. For instance, if an IoT device such as a smart lamp, which performs a very limited set of functions, suddenly starts to do something weird such as scanning your network for open ports on other devices, Dojo will prevent it.
Dojo also uses machine learning to detect when devices in your home are acting out of the norm. When you initially install Dojo, it starts to adapt to your habits, which it does by examining the traffic in your home network, the way your devices interact with outside servers and between themselves. This way, it establishes a baseline for your network and starts to look for outliers. For instance, if a connected device attempts to communicate with an unknown server or has a surge of activity at an hour where it was usually inactive, the Dojo will warn you.
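The baseline-and-outlier approach described above can be demonstrated on connection metadata alone. The following Python example is added here for illustration and is not Dojo’s code: the flow records, device name, hosts, function names and the sweep threshold of 10 are all constructed assumptions. It learns which destinations and hours are normal for a device, then flags an unknown server, activity at an unusual hour, and a lamp probing many hosts on one port.

```python
from collections import defaultdict

# Constructed flow metadata (device, destination, port, hour); no payloads.
# All names and values are hypothetical; this is not Dojo's implementation.
BASELINE_FLOWS = [
    ("lamp", "cloud.lamp-vendor.example", 443, h) for h in (7, 8, 19, 20, 21)
] + [("lamp", "ntp.example", 123, 7)]

OBSERVED_FLOWS = (
    [("lamp", "cloud.lamp-vendor.example", 443, 20)]                # normal
    + [("lamp", "203.0.113.50", 443, 20)]                           # unknown server
    + [("lamp", "cloud.lamp-vendor.example", 443, 3)]               # unusual hour
    + [("lamp", "192.168.1.%d" % i, 23, 20) for i in range(2, 14)]  # sweep
)

def build_baseline(flows):
    """Learn, per device, the (dst, port) pairs and active hours seen in training."""
    base = defaultdict(lambda: {"peers": set(), "hours": set()})
    for dev, dst, port, hour in flows:
        base[dev]["peers"].add((dst, port))
        base[dev]["hours"].add(hour)
    return base

def detect(flows, base, scan_threshold=10):
    """Return (device, reason, detail) alerts for flows outside the baseline."""
    alerts = []
    new_peers = defaultdict(set)  # (device, port, hour) -> unknown destinations
    for dev, dst, port, hour in flows:
        profile = base.get(dev)
        if profile is None:
            alerts.append((dev, "unprofiled_device", dst))
            continue
        if (dst, port) not in profile["peers"]:
            new_peers[(dev, port, hour)].add(dst)
        elif hour not in profile["hours"]:
            alerts.append((dev, "unusual_hour", f"{dst}:{port} at {hour:02d}h"))
    for (dev, port, hour), dsts in new_peers.items():
        if len(dsts) >= scan_threshold:  # many new hosts, same port, same hour
            alerts.append((dev, "port_sweep", f"{len(dsts)} hosts on port {port}"))
        else:
            alerts.extend((dev, "unknown_destination", f"{d}:{port}") for d in sorted(dsts))
    return alerts

if __name__ == "__main__":
    for alert in detect(OBSERVED_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(alert)
```

Because an IoT device’s normal peer set is small, even this exact-match baseline produces no alerts on the training traffic; a general-purpose laptop would need a far looser model.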
Dojo is also using the data it gathers from various devices to create a crowdsourced database and keep all its customers protected from emerging and evolving threats.
Privacy was one of my concerns as I reviewed Dojo. After all, if all of my home network’s traffic was going to pass through a device that is connected to a cloud server, I should know how it will be handling it.
Technically, if you’re using encrypted services (sites whose address starts with HTTPS), Dojo won’t be able to see the content of your communications. But according to the developers, Dojo isn’t interested in the content of your communications anyway, and it gathers all it needs from the metadata that your communications generate. This means that it looks at information such as domains, IP addresses, ports, timing and frequency of exchanges, sequences of actions, etc. to determine if a behavior is malicious or safe.
A note to add here is that if one of your devices uses a VPN service, Dojo won’t be able to monitor and protect it. So if you want to use a VPN, it’s better that you install it on the router that stands behind Dojo, so that the device will be able to perform its functions.
But I also wanted to know how much of this metadata would be stored on the Dojo cloud. Metadata per se might not sound valuable, but when put together, it can amount to very revealing information about the subject. To give you an impression of how valuable metadata can be, the U.S. military relied on it to specify enemy targets and authorize airstrikes.
There are two separate stores of data in the Dojo cloud. One regards the large crowdsourced threat database. Data that goes in this store is anonymized, or stripped of all customer-specific traits. A separate store is allocated to home network models, which Dojo uses to perform its machine learning functions and create the rules that apply to the local network of each Dojo device. This data can prove valuable for someone who would go to the great lengths of hacking the company’s servers. That’s why Dojo stores as little information as possible and encrypts it to protect it against data breaches.
Another concern that I had was how much Dojo relied on the cloud server to perform its functions and if it would continue to work in case it couldn’t access its server. As it happens, the device itself is a small powerhouse with a dual-core processor, 2 GBs of RAM and 4 GBs of on-device storage. All of the network monitoring and protection is performed by the device itself in real time.
The Dojo connects to the cloud to update its threat signatures and network protection rules. If its connection to the Dojo server breaks, it will continue to function as normal, and will sync itself with the cloud when the connection is re-established.
One thing that I liked about Dojo was the flexibility it offers to users of different technical levels. While the app’s interface is designed for a user with little technical knowledge to make sense of, it also has some hidden features that will let more advanced users customize it to their liking.
The My Devices section, where you keep track of the devices that are connected to your home network, enables you to manually configure port forwarding for any device that should have external access. The same section also enables you to block or unblock a specific device’s access to the internet or to set parental controls for computers, smartphones and tablets.
While on the flexibility, I did find the event log a bit crude. Currently, it looks like a chat feed, where you can scroll up to see previous events. While this makes it as simple as possible and avoids adding too much clutter to confuse users, I would’ve nonetheless liked to see some options that would enable more advanced users to search through records or investigate events by seeing more details about specific attempts, such as IP addresses, device types, etc.
Overall, I was pretty satisfied with the Dojo. While it will not replace the endpoint solution you install on your computer, it’s a must-have to prevent your home network and smart gadgets from coming under attack. I would recommend Dojo to both entry-level users and those who want the benefit of security and customizability for their home network. I especially think the two-factor authentication functionality it provides to remotely accessible devices is pertinent.
The Dojo comes with a $199 price tag and a $99 yearly subscription fee. Some may find it a bit steep, but I think it’s a small price to pay to have more security and control over all the computers that are hanging around in your home.