Safety & Privacy
Plume Advanced IoT Protect: defending your network
by Susmita NayakMarch 2019
The latest feature in the Guard suite: Advanced IoT ProtectTM detects unusual device behavior and helps protect your IoT devices from digital home invasions. In our last post, we talked about how HomePass' “Online Protect” feature helps keep your devices safe from known cyber-attacks, malware, phishing, botnets and more as they connect to the Internet. This feature uses enterprise-grade threat intelligence databases that are updated multiple times a day for new threats. As part of our continued commitment to reinventing smart home security, today Plume announced a powerful and unique new feature - Advanced IoT Protect. This feature protects vulnerable IoT devices like thermostats, cameras, lights, doorbells, coffee machines, and many more from compromising your home’s safety, cybersecurity and privacy. The feature will be enabled by default beginning April 15, with no new setup required, as part of HomePass membership.
Why is Advanced IoT Protect needed?
We define IoT devices as those on which users don’t interact with a browser - think thermostats, cameras, lights, doorbells, your smart coffee machine. These are unique because they cannot be protected with antivirus software. Attacks on IoT devices are growing steadily; two out of three cyber-attacks in 2016 were aimed at IoT devices. The attacks can target any connected device as attested by recent reports on voice assistants, light bulbs, baby monitors and doorbells. These devices are easy targets for attacks due to exposed sensitive ports, use of default passwords and other software vulnerabilities generally exploited by hackers and commonly shared on the dark web. Successful attacks can compromise sensitive information, putting your privacy at risk and potentially participating in broad scale DDoS attacks on the Internet.
Protection using Behavioral Analysis and Anomaly Detection
Plume leverages artificial intelligence and cloud powered machine learning algorithms to learn the normal behavior of IoT devices and build profiles of legitimate connections to the internet. Device behaviors are learned by looking at activity from similar devices within Plume’s global network. A fundamental enabler to this protection is accurate device identification, which helps distinguish a thermostat from a doorbell, or an Alexa voice assistant from a Google Home. These behaviors are coded into device specific rules and enforced when devices connect to the Internet. If device activities do not match with known behaviors and exceed a risk threshold specific to your behavior and that of the general population, they may be flagged as suspicious. Population behaviors are kept updated so as to keep up with continually changing device behaviors.
A novel, real-time defense: Home Network Quarantine
A network is only as strong as its weakest link. The router provides the best defense but only from and to the Internet. Within the home network, various ports and services are made available for purposes of home automation and seamless access to data across devices. Once an IoT device is compromised, it is easy to infect another device with the same or more potent malware in an attempt to take control of the device for denial of service attacks (DDoS) on the Internet, install ransomware, or to steal personal data. Leveraging control and visibility offered uniquely by HomePass, Guard prevents malware from spreading to other connected devices by quarantining the infected device onto an ‘Internet only’ private network. Quarantined devices have access to the internet but cannot communicate with other devices on the home network.
How the solution works
When an IoT device behaves abnormally, you are alerted immediately through the HomePass app. No action is necessary at that time as the system has already blocked the suspicious connection and quarantined the device with “Internet only” access, preventing the potential spread of infection to other connected devices within the home network. You will need to take appropriate corrective action, recommended in the app, to fix the issue. Once the recommended fix is completed, you can unquarantine the device. Alternatively, if you know and trust the website the device is connecting to, you can approve it manually, which will take the IoT device out of quarantine and allow it to communicate with others in your home network.
More visibility to go along with more security
We have also introduced a new visualization screen of all security events, allowing you to see and better understand security protection events over the last 30 days. Monitor your events graphically, including through interactive filtering by event type and a per day zoom by scrubbing the graph for a detailed list of events. Security events are visible for either a device, person or for the entire home.
Privacy and Plume
We are committed to driving transparency into what data we collect to provide security features, along with allowing you full control over disabling features should you worry about privacy. For purposes of behavioral analysis and anomaly detection, we collect network traffic metadata like DNS, IP flows, and size of packets sent or received from IoT devices. The data is aggregated across similar devices, which is then consumed by machine learning algorithms to generate normal traffic patterns. We only show these blocked sites in the HomePass app to you, the user. Access to your data is restricted to Plume employees on a need-to-know basis and subject to strict access controls. Our employees only see your data in order to improve your experience, like to assist you on a customer support call, and only after asking you first.