AVULNATOR prototype in action!

Dor1s — Mon, 06 Jul 2015 11:15:21 +0000

Recently, we have presented the first prototype of AVULNATOR ever. The announcement took place at Positive Hack Days conference in Moscow.

Now it is time to publish a bit more information about the first prototype of AVULNATOR to our blog. Additional bonus here is Proof-of-Concept video at the end of the article.

Well, there is no doubts that AVULNATOR is a revolutionary device for home network protection and its prototype should has some touchable appearance. Honestly, its first piece has not incredible design and awesome look yet; however, it looks pretty hardcore right now being packed in our handmade case :)

Speaking about functionality of the AVULNATOR, to use its prototype right now you need just to do the following two steps:

Connect AVULNATOR to your home router (or to ISP cable, in case you do not use your own router)
Set up your smart electronic devices to be connected to AVULNATOR’s wireless network

That is all what you need to do. For some smart devices also may be needed to add their models at AVULNATOR’s control panel. Check PoC video at the end of the post to ensure how easy it is.

Since you connected your devices, AVULNATOR starts to protect them against any possible cyberattacks. According to OWASP: IoT Security Checklist originally contributed by Wallarm Inc. experts, AVULNATOR supports all possible threat models considered so far:

It is a very good point. While choosing any sort of protection, one should clearly understand which kind of attacks and threats he is going to mitigate. Protection against highly theoretical threats (like external attack via direct connection to smart electronics) is meaningless, because in more than 99% of cases such attacks are not possible. As a result, there is no reason to pay for this.

Below is Proof-of-Concept video of how the prototype works. There you can see interface of AVULNATOR's control panel and demonstration of its protection in action. Initially, protection is turned off (“Security status” option). Then a public exploit for one of smart devices is used to get root access to the device. Further, we enable security status of AVULNATOR and check exploit again. Enjoy.

AVULNATOR: Proof of Concept video from AVULN Security Industries on Vimeo.

Tags:

avulnator

internet of things

IoT

smart house

home

PoC

My home is my castle… or no longer?

Dor1s — Thu, 12 Mar 2015 12:21:43 +0000

From ancient times home is associated with safe and quiet place. Seems like soon it can be changed.

Recently Forbes published an article about possible vulnerabilities in Nest Thermostat. Vulnerability looks unexploitable in practice because physical access to the device is required. However, it is easy to imagine some distributor’s employee or a serviceman getting access to your device and then getting control of it.

Nest Thermostat is a great device and now treated as one of the most secure, according to Forbes. The same thing cannot be said about other “Internet of Things” stuff:

IoT-era is only raising now. Importance of information security acknowledged now better than ever. Despite that, between comfort and security, we always prefer comfort. Usually comfort has nothing in common with security. It is why creating incredible and high-quality products is so difficult and require many resources for vendors.

Currently serious cybersecurity threats for our homes are related not only with innovative devices. Most of all widely spread routers for home have so many different vulnerabilities. Yeah. Hackers exploit such security holes, as KrebsOnSecurity reports, and do it very successful.

An attacker controlling your router may control all your traffic. Such evil thing affects not only your privacy, but also makes another threats become actual. Sure, you have already heard about HTTPS (HTTP over SSL/TLS) which made to protect traffic against eavesdropping. News, especially recent news reveal that it is not perfect at all: Heartbleed, POODLE, FREAK, what’s next? Also some vendors give good opportunities to hack their customers.

Vulnerabilities in home routers along with software holes in endpoint devices make very easy to steal your money from online-banking or your private photos from cloud storage.

If somebody is not sure of the possibility of practical implementation of such threats, this write-up, for example, may serve as a proof of concept. It is not a hacking tutorial; it is just solution of one task from a hacking contest. But it really shows step-by-step how to realize attack very similar to the one described above.

May be it looks hard for a normal user, but actually it is very easy to implement.

Hackers are thieves. Default-password is like an opened door to your home. Out-of-date software is like an opened window.

Should we be scared? No. We must be extremely attentive now to prevent our families and folks from trouble. It really matters. We should carefully use opportunities of modern technologies and fully understand (when it’s possible) what we do each time using the Internet.

To help you with that, we at AVULN Security Industries are developing AVULNATOR. The device that will block malicious traffic incoming to your home network and other malware activity. AVULNATOR will be always up-to-dated because of our distributed cloud-based monitoring system. Read more at our AVULNATOR page.

Pre-oder does not require payment, but gives your 10% off discount.

Placing pre-order now, you help us make AVULNATOR cheaper.