Your smart home thermostat or doorbell may be freelancing in its spare time.
“They are phoning home to some bad places,” said Jeremy Hitchcock, CEO of Wi-Fi cybersecurity and management software startup Minim, whose software lives in routers to manage Internet activity and the online activity of IoT devices. (More on Minim’s growth below.)
Web-connected home appliances—thermostats, coffee makers, refrigerators, blinds—are made to occasionally ping control servers for instructions, but Hitchcock says Minim has been blown away by how often some devices are making “calls” to other corners of the Internet at the behest of someone other than its creators.
“Everyone’s been surprised there’s so many devices that are ‘born bad’ from a factory,” he added.
Hitchcock wouldn’t go into more detail about his findings yet. He said his team is figuring out whether to report the vulnerabilities to an independent cybersecurity firm, the manufacturers, or a university.
“We are still trying to unpack it,” Hitchcock said. “There is stuff that has never been reported before. No one is ever really given this type of visibility at such a large scale.”
This silent hijacking of Internet-connected devices is why Hitchcock started Minim, which is based in Manchester, NH. His former Web infrastructure firm Dyn (bought by Oracle (NYSE: [[ticker:ORCL]]) in November 2016, reportedly for north of $600 million) was hit by a massive botnet attack that crashed much of the Internet. How’d it happen? An IoT army of baby monitors, rice cookers, and video doorbells infected with the Mirai malware.
Founded in 2017, Minim created a Wi-Fi tool that tracks the usual activity of an IoT device, giving it a unique “fingerprint” for where it should be communicating for instructions, so it can alert users when the device is doing more than that and potentially can get infected with malware. The tool also lets users manage the Wi-Fi bandwidth and parental controls and provides service providers a peek into system performance and help diagnosing issues.
Last year, Minim raised a $2.5 million seed funding round led by Boston-area venture firms Flybridge Capital Partners and Founder Collective.
The company today acquired MCP Networks, a small North Dakota company that developed Aerez, a similar Wi-Fi management tool designed for routers used by wireless Internet service providers, or WISPs. Terms of the deal were not announced. MCP’s five employees will stay at their current offices. Meanwhile, Minim has a “couple dozen employees,” Hitchcock said.
Hitchcock said he’s exciting about branching out and working with WISPs and their subscribers.
“In some ways, they are early adopters, quick to try new technologies and good about giving feedback, a different dynamic. The vendor ecosystem is very different,” he said. “We are excited about this more innovative and very vocal—in a positive way—crowd we get to have as a cohort to make the product better.”