Local ISP offers 'clean pipes' to protect Web-connected devices

Its service acts as first line of defence by blocking threats at network level

The proliferation of smart consumer products like Web cameras and television sets in homes has made such Internet of Things (IoT) devices targets of hackers.

But recent developments could offer consumers some protection against IoT malware and hacks.

Yesterday, local Internet service provider (ISP) ViewQwest launched a new service that it said could secure a consumer's home broadband connection by scanning for and blocking threats at the network level, without the user having to install any software on their IoT devices. It acts as an important first line of defence to provide peace of mind to IoT device users without making them jump through hoops to download security patches for every individual computing device on the same home network.

The $5.99-a-month service, called SecureNet, uses cybersecurity company Palo Alto Networks' firewall technology to block malicious websites and malware by referring to a database of known threats.

Small and medium-sized businesses pay more at $16 a month due to their higher Internet traffic.

SecureNet can prevent a user who visits a website or clicks on a suspicious link, such as in an e-mail, from being redirected to a malicious site. It also stops malware from being downloaded from websites, e-mails and other software already installed on a device.

Suspicious e-mails that could be scam or phishing e-mails or have malware can also be blocked.

ViewQwest chief executive Vignesa Moorthy said: "SecureNet works similarly to how we screen people at a venue's entrance to ensure that we do not allow the entry of infected people into the premises."

The firewall can also block communications between malware already on a user's device and a hacker's command system located elsewhere.

On top of that, Mr Moorthy said the technology can learn on the go to guard against new security threats that have not yet been discovered by security researchers.

The issue of IoT malware and hacks came under the spotlight after it was revealed last week that more than 100 million IoT devices globally - from smartphones to industrial control systems - have flaws, dubbed Name:Wreck, that could let hackers gain control of the devices and take them offline.

Palo Alto Networks said such vulnerabilities can be covered by SecureNet with an update.

Mr Ryan Flores, IT security firm Trend Micro's senior manager for forward-looking threat research in Asia-Pacific, noted that companies can protect against Name:Wreck IoT exploits with an intrusion prevention system that monitors networks for threats and stops them in their tracks.

Firms can also pair this with solutions that can detect threats and deliver "virtual patches", which are short-term fixes rolled out at the network level to prevent exploits, while a software patch is being made.

These developments come amid an expected boom in IoT devices globally. Research firm Statista said the number of such devices worldwide is expected to hit 30.9 billion by 2025, a sharp jump from 13.8 billion forecast for this year.

This means more potential targets for hackers.

Palo Alto Networks said last year that 57 per cent of IoT devices are vulnerable to medium or high-severity attacks, "making IoT the low-hanging fruit for attackers".

While SecureNet does away with downloading security software and ViewQwest claims it can guard against up to 95 per cent of unknown threats, Mr Moorthy said it is only the first line of defence against cyber-security threats.

This is because there may still be viruses, malware and other threats that can infect consumers' devices when they connect outside of their home network, such as on public Wi-Fi or mobile networks.

So, using IT security software and a virtual private network for a secure connection can help, he said.

ViewQwest's move is akin to the "clean pipes" Australia is considering. Prime Minister Scott Morrison announced last year a funding commitment to allow Australia's government and major telcos to "prevent malicious cyber activity from ever reaching millions of Australians across the country by blocking known malicious websites and computer viruses at speed".

In Singapore, the Government moved to address the IoT threat by updating in January an initiative that gives consumers an easy way to figure out how secure smart home devices are. The Cyber Security Agency of Singapore (CSA) expanded the voluntary Cybersecurity Labelling Scheme to include all types of consumer IoT devices, such as smart lights, Web cameras and robot vacuum cleaners.

When it was launched in October last year, the scheme - which rates the cyber-security levels of devices - applied only to Wi-Fi routers and smart home hubs.

A Level 1 rating means the device maker has ensured there is a unique default password and that software updates are automatically pushed to the products.

The highest Level 4 rating requires products to be sent for structured penetration tests conducted by CSA-approved third-party labs.

Associate Professor Anupam Chattopadhyay from the Nanyang Technological University's School of Computer Science and Engineering said that the scheme is an "excellent initiative that ensures emerging sectors like IoT strictly adhere to best security protocols".

"At the same time, it creates awareness of security among consumers," he added.

A version of this article appeared in the print edition of The Straits Times on April 20, 2021, with the headline 'Local ISP offers 'clean pipes' to protect Web-connected devices'. Subscribe