When Internet of Things (IoT) security technology startup Minim tested its new home and office Wi-Fi-management and -security technology, a connected landscape-watering system in the trial’s network exhibited some suspicious behavior. The home-irrigation solution was using its Wi-Fi connection not only to provide data regarding landscape watering to home owners, but also to communicate with an unknown Russian server. The incident helped to illustrate that the need for security and management of the growing number of Wi-Fi-enabled home devices was becoming ever more critical.
Minim is now offering a package of connected home-management and -security solutions for Internet service providers (ISPs) to catch such activities as the one into which the irrigation system was lured. The system also provides tools for ISP help desks, to help them remotely understand and troubleshoot problems in customers’ Internet service.
Minim was founded by Jeremy Hitchcock, the company’s CEO, who has a personal understanding of how vulnerable systems can be to attack. He was also a co-founder of domain name system provider Dyn, which was attacked during the October 2016 Mirai malware botnet incident. The attack targeted Internet-connected devices, such as printers, IP cameras, residential gateways and baby monitors, all infected with the Mirai malware.
Hitchcock began working with Alec Rooney, now Minim’s engineering VP. “From an IoT standpoint,” Rooney says, “it wasn’t like they used a sophisticated attack.” Rather, he explains, they simply infected devices over time, based on their exposure to the Internet, and eventually used those devices to disable servers across many businesses.
Since that time, Hitchcock, Rooney and a team of engineers launched Minim with the mission of helping to prevent such attacks for those with home IoT systems. The vulnerabilities of IoT devices are a growing concern, Rooney notes, as many are built by consumer product companies with no special security background, using hardware from a variety of vendors, making them unwittingly prone to attack.
“The challenge is that there is no good measure of compromised devices out there,” Rooney says. As such, not only does the IoT industry have little understanding of the degree of vulnerability, but device owners simply don’t know whether or not hackers have compromised those smart objects—appliances, televisions, thermostats or other systems. This lack of visibility into when a device might be at risk is what Minim hopes to address, while also providing better IoT device management in each home. “Our philosophy,” he states, “is to make security and network management approachable.”
This year, the company has raised $2.5 million with funding from Flybridge Capital Partners and Founder Collective. The technology is being piloted by Burlington Telecom, a Vermont-based ISP, as well as several unnamed companies. Minim’s IoT platform aims to help ISPs manage and secure connected homes as they become more complex, with a growing number of IoT devices.
An ISP that adopts the solution first supplies customers with routers that have Minim firmware installed. With the firmware, the routers can then do more than simply provide connectivity to homes or small offices. They can also identify each device that accesses the network, when it connects with particular sites, and the amount of data being transferred. Every device has a fingerprint that is automatically collected, Rooney explains, so the solution knows if a device is, for instance, an Apple TV, a laptop or an Android smartphone.
“Once the device is identified,” Rooney explains, “the ISP can provide customer care and address security issues” for each item. For example, if a home owner is having trouble accessing Netflix, he or she would traditionally call the ISP, which could only test the Internet connection into the home. Often, the first piece of advice is to reboot the router.
With the Minim platform, the ISP can view which devices are on the network, as well as how they are being used and what might be causing connectivity delays for a specific device. For instance, another device might be downloading videos or images at the same time. The ISP provider can view that activity during the help call by accessing the Minim software, and can then provide corrective actions.
In the event of a security problem, the provider can identify that as well (such as a device connecting to a suspicious site). The activity is collected not only in real time during a help call, but 24 hours a day, every day, and is saved for several weeks. In that way, the ISP can view a suspicious event even days after it occurred.
If a home owner sought access to the security and use-based data as well, the ISP could provide that access via a Minim Android- or iOS-based app. It could then sign into that app, whether or not it was having problems with its network, and view what activity has been taking place with each device. In the future, the company reports, the app will also enable users to receive an alert if a flagged activity has occurred with one of the user’s account devices.
Minim is partnering with router manufacturers and is working with ISPs and other care providers for the connected home and office. About a dozen companies are either piloting or have deployed the system in the past year. Rooney says its cloud-based servers are encrypted and highly secure in a multi-tenant system, so that each user can only see his or her own data, and so that no data can be accessed by outside parties.