It seems like every IoT security startup begins its pitch with the Mirai botnet, which was unleashed in 2016. The botnet, which took over connected routers, networked DVR players, and other connected devices, was the largest attack of its kind. Why? Because instead of just using computers, it also managed to infect connected devices. The hackers’ ability to corral so much bandwidth and compute power led to a denial-of-service attack aimed at Dyn, which provided DNS services to many companies.
The attack was so large it crashed sites such as Netflix and Twitter, which relied on Dyn.
It was the attack that showcased the complete lack of security in a variety of connected devices. While many of these devices had been around for years, hackers are increasingly taking advantage of them because they are easy to infect and rarely updated, and because people often don’t notice when their DVR is behaving strangely because it’s being used to attack random internet sites.
Mirai was a wake-up call for device makers, security researchers, as well as consumers. Mirai, in combination with dozens of stories about hacked baby monitors (just changing the default password would have stopped many of those), got consumers worried about what their Alexas or connected light bulbs might do with unfettered access to the internet.
Companies such as Cujo, Dojo, Keezel, and others rushed to fill the void. Most of those startups offer a physical security device or software that sits on a consumer router and watches network traffic. The security products scan for devices that call out to weird servers and locations — behavior that doesn’t fit the profile of a TV or fridge, for example — and blocks known malicious sites.
It also woke up Jeremy Hitchcok, who was a founder and former CEO and chairman at Dyn. He saw the smart home security problem and decided to build a solution, so in 2017 Hitchcock created Minim to do just that. Like some other products on the market, Minim creates profiles for device traffic on the network, and pings users when devices behave strangely. It also offers tools for service providers and users that let them better manage their Wi-Fi networks.
But unlike many of the other products serving the consumer market today, Minim sells to internet service providers, not directly to consumers. It makes sense. In many cases, these devices can be a challenge for people to install; they often break devices’ connections to the internet and require users to answer questions about port configurations, for example.
But ISPs can handle that level of complexity, and they really want their customers to have a good online experience. Most ISPs say most of their customer support calls are related to bad Wi-Fi. They are already solving this problem with new types of routers and services to make in-home Wi-Fi a feature that consumers will pay for. The best example is Comcast, which has invested in Plume mesh Wi-Fi routers and tweaked Cujo’s security service to make it easy for consumers to use.
Minim wants to entice other ISPs to follow Comcast’s lead in offering security and Wi-Fi as part of a broadband package. For many consumers accustomed to paying more and more each year in fees along with base charges for broadband access, it might offer a way for ISPs to justify the continued price increases.