Protecting the Internet of Things

If you think PCs are vulnerable to hackers and digital eavesdroppers, imagine a home filled with tiny computers embedded in everything from door locks to refrigerators.

You may not have to use your imagination for long.

There have already been numerous cases of hackers accessing home webcams. And researchers are continually pointing out poor security in new connected devices that have been rushed to market. Everything from cars to washing machines are hooking up online, offering hackers the opportunity to become the 21st century version of Thing 1 and Thing 2, running amok in your home, turning on the coffee machine, turning off the heat, flinging open the garage door, and making your robotic vacuum chase the cat around the living room.

Obviously, downloading individual software patches for the dozens of potentially vulnerable devices in a house is not practical. It would be like having to change the keys for your front door every day. So antivirus company Bitdefender has a new approach: Put a box on it.

The $199 Bitdefender Box, which is slowly being rolled out in the U.S., is a white device the size of a hamburger that plugs into your network and monitors all the traffic and devices connected in your home. Should your daughter inadvertently try to open a Chinese malware site or your spouse click on a video of a kazoo-playing hamster that contains a virus, the Box will block it.

Installation and setup are simple: Plug it into your router via a supplied Ethernet cable. Download the related app for iOS or Android to your smartphone, sign up for service, and allow the Box to connect to your network. In my case, it automatically recognized a Netgear router, but Bitdefender did advise me that some customers may have to manually change some settings in their Wi-Fi routers.

Once installed, the Box looks for devices on your network to monitor. (It can also function as a basic Wi-Fi router if you don't already own one.) In my tests it saw nine active devices within the first 15 minutes -- sundry PCs, laptops, iPads, and smartphones -- and within a day, the Box flagged several attempts to infect my equipment.

Some malicious sites show up in the first page of Google search results. I've found some particularly virulent sites in search results for scientific and chemical terms, for example. In other cases, a bogus ad or other piece of software may be embedded in a legitimate site -- unbeknownst to the owner.

The advisories show up in the smartphone app. And the Box even covers traffic to connected devices like game consoles. Bitdefender continually collects information on cyberthreats around the world in order to identify suspicious traffic, which also includes cookies that have a bad reputation.

One significant benefit of the Box is that it automatically keeps an eye on guests who sign onto your network. Friends often ask for access to my Wi-Fi network, and I'll admit that I fret about what trouble they might cause.

While the Box can look for unpatched software on phones and computers, it cannot do the same for things like networked lights and thermostats. But that is the eventual goal. The company is constantly updating the Box's defenses. Consequently, after the first year there's a $99 annual subscription fee, which is not unreasonable given that it covers an unlimited number of devices.

No protection is perfect, but, then again, just because someone can smash a window to break into your house doesn't mean you shouldn't lock the front door. At this stage, the actual Internet of Things-related threat is small, primarily because there's no standard software (like Windows) for hackers to target. However, in the future that will change as homes become smarter. The Bitdefender Box approach may turn out to be the best way to prevent future digital break-ins.