Sniffing Radio-Frequency Emissions to Secure the Internet of Things
Monitoring the usual behavior of Internet-connected devices could make it possible to detect malicious activity.
Market researcher IDC estimates that there will be 30 billion connected devices by 2020.
A startup called Bastille says it can help companies detect the hacking of devices connected to the so-called Internet of things, which is looming larger as a target for computer crimes.
Bastille Networks measures the typical radio-frequency signature of all the devices in an office—sensors, industrial control systems, employees’ phones, their fitness bands, Wi-Fi routers, and so on. If anything unusual develops, because a sniffing device has been placed in the office, for example, or because someone appears to be remotely accessing an Internet-of-things-connected device for malicious purposes, Bastille can tell the IT staff. Bastille has been testing its technology with some financial services companies since December and plans to make its technology available to other companies in late 2015.
Atlanta-based Bastille, founded last year, can spread its radio-frequency sensors throughout an office to monitor connected devices that operate over communication protocols like Wi-Fi, Zigbee, and Bluetooth low-energy, as well as over cellular networks. The company’s software can determine where these devices are located to within three meters. In the pilot test, CEO Chris Rouland says, the sensors are being placed in areas considered most important to secure, like data centers and executive offices.
Matt Reynolds, an associate professor at the University of Washington who researches radio-frequency technologies, says that one challenge in using radio-frequency monitoring is that not all devices advertise their presence by emitting signals. Some could be set to wake up only when triggered by an attacker. “The mere fact that the device is not advertising its presence doesn’t mean it’s not present and listening,” he says (see “Internet of Treacherous Things”).
“Just like the rest of the Internet, the advantage is on the attacker,” Reynolds says.