And why all the machine learning happens inside your home network
WHILST WE were gallivanting around Las Vegas last week, we spent some time with Bitdefender, the Romanian internet security company which repeatedly performs well against its bigger rivals in bench tests, often taking top honours.
We caught up with Alex Balan, known to most - and now us - as Jay, the company's chief security researcher, as the company releases its Bitdefender Box 2, a combined router, VPN, network manager, firewall and antivirus box (hence the name), which is coming to the UK in early February.
He enthuses about the need for such a product, and its place in the wider online security marketplace.
"Arguably there's hours to be said about the functionality of the product - there's mobile security for Android, a set of features, total security for Windows/Mac, a set of features, and parental and so on and so forth, but specifically for Box, Box was designed with threats in mind," he swooned.
"So we looked at how botnets like Mirai worked, for example, and we've built honeypots and tried to use those to understand how people compromise devices and we've examined higher priority attacks that happen on a daily basis."
Bitdefender Box comes bundled with a year of endpoint software (basically anti-malware protection) for your laptops and mobiles, as well as wider network protection for the home network. Its aim is to try and catch out some of those pesky IoT devices that you've forgotten about that are only as secure as your home network.
Take Smart TVs for example. No anti-virus, probably no password. But it has an operating system, and with the right intervention that can be altered to turn your lump of screen into part of a botnet.
So the key is ensuring that the network is secure to begin with. That is a problem in a world where devices are designed to talk to each other by default.
"It's either through UPnP or it's a misconfiguration of the router or whatever," explains Jay.
"To give you an example, the talk that we did last year at DefCon - there's the firmware device which is embedded into multiple brands, so many brands are bearing the same firmware. And that particular firmware does both port forwarding through UPnP and it has this embedded hidden thing, so all the devices using that firmware are accessible through the internet."
Don't worry if "hidden thing" isn't very scientific - the science is coming...
"All of them have a buffer overflow which enables an attacker to get full command execution on the device, so full system access. And we're talking about a hundred and several thousand, the word is about 170,000 are exposed.
"And it's kind of these small things that you cannot necessarily blame the user because the user has no way of checking if a device is safe or not before they put it in their houses."
So how does Box prevent it?
"First it does a full scan of the devices in your house inspecting each open port and mapping those and public don't know about those abilities, or maybe there's some weak passwords in the devices, things like that, and besides that it has these network filters to block exploits - brute force attacks and many other types of attacks.
"It also, for example, has an engine that blocks sensitive information from leaving your network unencrypted, which is both a privacy threat but also an actual threat because there's applications that will send your postcode for example or your geographical location, so we've built an engine specifically for this so we catch sensitive information leaving the network, and if we're able to see that we block it because we shouldn't be able to see sensitive information."
It all sounds very complicated. Jay explains that, actually, it isn't all that complicated. He does so by telling us some complicated stuff.
"So it's a very simple engine, the most complex part of that engine is identifying what sensitive information looks like but besides that no sensitive information should leave the network at any time. Then we have an exploit prevention engine that stops stuff like command injection, SQL injection, brute force and things like that so all of these types of common attacks used by botnets we're adding them as countermeasures into the box. That sums it up."
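Jay's description of the engine above amounts to a rule a network defender can state precisely: plaintext leaving the network is inspected for "what sensitive information looks like" and blocked when it is found, while encrypted traffic cannot be read by the inspector and so passes through. The following Python sketches that rule as an egress inspector. It is an added example written for this article, not Bitdefender's code; the detector patterns (UK postcode, decimal coordinates, e-mail address), the TLS and HTTP recognition heuristics and the four constructed sample requests are all assumptions made for illustration.

```python
"""Egress inspector: flags unencrypted HTTP traffic that carries sensitive
information out of a home network. Constructed example, not product code."""
import re
from dataclasses import dataclass, field
from urllib.parse import unquote_plus

# Heuristics for "what sensitive information looks like". These are
# assumptions chosen for the example, not any vendor's rule set.
SENSITIVE_PATTERNS = {
    "uk_postcode": re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}\b"),
    # a decimal latitude and longitude with >=3 decimals each, allowing a
    # short separator such as "&lon=" or ", " between the two numbers
    "geo_coordinates": re.compile(r"-?\d{1,2}\.\d{3,}[^\d-]{0,12}-?\d{1,3}\.\d{3,}"),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"PATCH ")


@dataclass
class Verdict:
    action: str                                  # "allow" or "block"
    reason: str
    findings: list = field(default_factory=list)  # (kind, matched text) pairs


def is_tls_record(payload: bytes) -> bool:
    """TLS records open with a content-type byte 0x14..0x17 and major version 0x03."""
    return len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 0x03


def is_plaintext_http(payload: bytes) -> bool:
    """Cheap check: an HTTP request begins with a method and a space."""
    return payload.startswith(HTTP_METHODS)


def decode_http(payload: bytes) -> str:
    """Pull out the query string and the body and URL-decode both, so that
    percent- or plus-encoded values are visible to the matchers."""
    text = payload.decode("latin-1", errors="replace")
    head, _, body = text.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    parts = request_line.split(" ")              # METHOD SP target SP version
    target = parts[1] if len(parts) > 1 else ""
    query = target.partition("?")[2]
    return unquote_plus(query) + "\n" + unquote_plus(body)


def find_sensitive(text: str) -> list:
    """Return every (kind, match) pair the heuristics detect in the text."""
    found = []
    for kind, pattern in SENSITIVE_PATTERNS.items():
        for m in pattern.finditer(text):
            found.append((kind, m.group(0)))
    return found


def inspect_egress(payload: bytes) -> Verdict:
    """Decide whether an outbound segment may leave the network. Encrypted
    traffic is opaque to the inspector and is allowed; only plaintext that
    can actually be read is checked for sensitive data and blocked on a hit."""
    if is_tls_record(payload):
        return Verdict("allow", "tls: encrypted, content not inspectable")
    if not is_plaintext_http(payload):
        return Verdict("allow", "unrecognised protocol, no inspection rule")
    findings = find_sensitive(decode_http(payload))
    if findings:
        return Verdict("block", "plaintext http carrying sensitive data", findings)
    return Verdict("allow", "plaintext http, nothing sensitive found")


# Constructed sample traffic (hostnames and values are made up).
SAMPLE_FORM_POST = (
    b"POST /register HTTP/1.1\r\nHost: iot.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"user=alice&postcode=SW1A+1AA"
)
SAMPLE_GEO_GET = b"GET /ping?lat=51.5014&lon=-0.1419 HTTP/1.1\r\nHost: iot.example\r\n\r\n"
SAMPLE_TLS_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # record header + stub
SAMPLE_CLEAN_GET = b"GET /status HTTP/1.1\r\nHost: iot.example\r\n\r\n"

if __name__ == "__main__":
    samples = [("form_post", SAMPLE_FORM_POST), ("geo_get", SAMPLE_GEO_GET),
               ("tls_hello", SAMPLE_TLS_HELLO), ("clean_get", SAMPLE_CLEAN_GET)]
    for name, packet in samples:
        v = inspect_egress(packet)
        print(f"{name:<10} {v.action:<5} {v.reason} {v.findings}")
```

The design choice worth noting is the asymmetry Jay describes: the inspector only ever blocks what it can read. A device that sends your postcode over TLS sails through this engine, which is why the same product pairs it with the device scan and exploit filters rather than relying on egress inspection alone.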
One of the biggest problems with IoT devices is that quite often, they have a password - but users don't realise and thus never change it from the default.
This means that anyone with access to your network has a very easy job of working out how to access these devices. Enter Box.
"It will spot if there's a default password and not only that. Say that you purchase something that you change the password on, right? But what happens if there's another interface that you didn't know about because it isn't documented in the setup flow?
"There's so many of those. You have FTP open and so many devices, obviously people don't look for those because they read the manual and they're like 'ok next next next' and there's devices that even say you have to set a strong password here and the person sets a strong password and they're like 'great I've cracked this' but at the same time you have another two backdoor users that document it and people like me knowing about them and they also have an admin port open with 123456 in a group.
"So even though you set strong passwords there's maybe other phases or other backdoor users that you didn't know about, and we're checking for those as well."
Although Box is the primary product launch there are some hints of what's to come. We touch briefly on an enterprise version of the product in development, but in addition, the company has announced partnerships that will bring the clever bits of code into third-party devices. The first partner is Netgear, who announced a range of routers with Bitdefender built in at the show.
But, we ask, doesn't that dilute your own offering? The secret is scaling.
"Given the experience with Netgear, the best approach is not to make it for all intents and purposes available, but rather to focus on each partner to make sure that they have the best experience possible. So wherever we sign next is going to have a lot of focus, a lot of attention, a lot of resource, and rather than doing a bad job with 10 partners we're going to try to do a good job with 3 or 4 tops."
Another hidden gem in a Box defended network is the parental control - unlike anything you've seen before. It uses AI and natural language processing to detect the sentiment and context of interactions on the web, and can alert parents that it might be worth having "a little chat" but without ever compromising the child's privacy - the parent won't have access to what's been said.
"We think this is a great education with the parents as well because maybe there's something to be invasive, and you make believe in this but we believe it's not OK to read your teenager's private things.
"Understanding what's happening in these conversations is a challenge it's a complete novelty, it's something nobody else has done so far, so this is why when we launched it we were like OK it worked in the 100,000 tests that we've done but in real life scenarios it's always up for beta, then about 2/3 weeks into the market we started receiving feedback from people that were amazed."
As for privacy from Bitdefender - well, there's nothing to worry about. Jay jokes: "Data is not uploaded. The machine learning is done locally. It's simply because we don't want to receive naked pictures of your kids!"
Another big problem with devices that you really just want to set and forget is that quite often problems are discovered later. But getting people to update the firmware to fix those vulnerabilities... well, that's just a bit harder.
"First of all, it's ok to have security issues. You need to have a program in order to be aware of them, be open to receiving them. We tried to contact companies for which we've discovered vulnerabilities and they've not replied to emails.
"We've email contacts = Security, vulnerability, we've even emailed site channels and said 'do you know anybody at that company because we want to report something' so no direct channel for receiving security and no decent update process. So even though some of them publish the updates the adoption rate is below 0.1 per cent."
Don't you wish sometimes this would just all go away?
"I hate to tell you this but the raison d'être for the cybersecurity industry as a whole and as an abstract concept is because stuff doesn't go the way it should do.
"It's because creative hackers and creative bad guys and creative scammers and creative fraudsters, and fraud as not a cybersecurity term not people on the corner of the street saying 'hey, dya want a cheap apartment' the whole reason for these guys is to prey on the people, and this is why we come into play.
"It's the same in everything. It's the way you have antivirus on your Windows machine, it's the reason you have a firewall and border control and the reason why you use automated protection rather than going brave like many people which I completely do not recommend. 'I know that I can take care of myself.' I'm somewhat of a security expert and I don't know where I can take care of myself."
But that's not the whole story. The big problem is that hackers will always be one step ahead, or they'd be pretty rubbish hackers.
"It's also a case of a hacker knowing more than you do and a hacker will always know more than you do. We are trying to know more than the hackers, so that's kind of why we are doing what we're doing with Box and with everything that we're doing, this is why. We've had a case a few weeks ago when one of the major live streaming websites was mining with people's browsers - unless you're fully protected with confidence, you go to your usual websites and your guard is totally down."
In order to increase adoption and bring Box to the masses, the next launch will be Box-as-a-Service, which will include a subsidised Bitdefender Box 2 and all your protections for a single monthly fee.
In the meantime, you can grab yourself a Bitdefender Box for £179, starting in early February, including a year of service and software. After that, renewals are £89 for the year.