Everything Set uses AI to monitor how changes in the way devices connected to a homeowner’s network act can signal malicious activity.
Network security in smart homes is a fast-growing problem. New smart home devices, especially with the introduction of the soon to be released Matter protocol, are moving to the internet of things (IoT) with direct connections to the homeowner’s network. With this migration comes increased risk. According to Rambus Corporation, a semiconductor manufacturer, these risks include:
- Man-in-the-middle: An attacker breaches, interrupts, or spoofs communications between two systems. For example, fake temperature data “generated” by an environmental monitoring device can be spoofed and forwarded to the cloud. Similarly, an attacker can disable vulnerable HVAC systems during a heat wave, creating a disastrous scenario for service providers with affected models.
- Data and identity theft: Data generated by unprotected wearables and smart appliances provide cyber attackers with an ample amount of targeted personal information that can potentially be exploited for fraudulent transactions and identify theft.
- Device hijacking: The attacker hijacks and effectively assumes control of a device. These attacks are quite difficult to detect because the attacker does not change the basic functionality of the device. Moreover, it only takes one device to potentially re-infect all smart devices in the home. For example, an attacker who initially compromises a thermostat can theoretically gain access to an entire network and remotely unlock a door or change the keypad PIN code to restrict entry.
- Distributed Denial of Service (DDoS): A denial-of-service attack (DoS attack) attempts to render a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet. In the case of a DDoS, incoming traffic flooding a target originates from multiple sources, making it difficult to stop the cyber offensive by simply blocking a single source. In fact, DDoS attacks are rising rapidly, primarily due to the lack of security in IoT Devices. The Mirai botnet attack was a massive distributed DDoS attack that left much of the internet inaccessible on the U.S. east coast.
- Permanent Denial of Service (PDoS): Permanent denial-of-service attacks (PDoS), also known as phlashing, is an attack that damages the device so badly that it requires replacement or reinstallation of hardware. BrickerBot, coded to exploit hard-coded passwords in IoT devices and cause permanent denial of service, is one such example. Another example could see fake data fed to thermostats in an attempt to cause irreparable damage via extreme overheating.”
With the above in mind, homeowners and professionals installing smart home systems for customers need to be focused on securing a home that includes smart home devices. And, with smart appliances, smart TVs, fitness trackers, and similar devices, people might not even realize that they have an IoT device in their home that could be leveraged by bad actors in an attack.
Two years ago I wrote an article about two network security appliances designed for a residential setting: the Fingbox and Firewalla. Both of these products are still available today but there is a new product available that takes a different approach to network security, called the Everything Set service.
Everything Set is a California company that was founded in 2019. The Everything Set service consists of a small hardware box (network security appliance) that attaches to a homeowner’s network and cloud-based artificial intelligence (AI) that provides their unique network security services. The service has been in beta testing for almost two years in more than 250 homes, monitoring 5,000 unique smart devices.
Everything Set’s approach to network security is to use AI to monitor how devices connected to a homeowner’s network generally act, what data they upload to the cloud, what IP addresses data is sent to, and how often data is sent. Then, the Everything Set service’s AI looks for changes in that normal behavior that could represent malicious activity.
The Everything Set AI doesn’t rely solely on data collected from, for example, a homeowner’s Alexa device. Instead, it leverages data collected from every Everything Set service user who also has an Alexa device to better define what constitutes normal versus abnormal behavior. Finally, when the Everything Set AI finds abnormal activity, it notifies the homeowner through the Everything Set app.
According to David Knudsen, founder and CEO of Everything Set, “Almost 10% of people have a hacked device each year in their homes — surprisingly from major manufacturers, not necessarily the cheap devices [that] you would expect, which…are sending your data to unscrupulous places and could cause further problems in your life if unresolved.”
Privacy was also a prime design goal of the Everything Set service. It only monitors and analyzes data communications patterns. It doesn’t look into the contents of the data being transmitted and received by the devices connected to the homeowner’s network.
Hands on with the Everything Set Service
I was provided with an Everything Set box and the Everything Set service to evaluate for this article as part of their early access program.
First, it is important to understand how the hardware portion of the Everything Set service, along with competing network security appliances from other manufacturers, work. Most of these devices use a technique called ARP (Address Resolution Protocol) spoofing to monitor data on a network. ARP spoofing links the MAC address of the network security appliance that is connected to the network with the address of the network’s router. This tells the network to send all data packets to the network security appliance where they can be analyzed by the cloud-based AI. The network security appliance then passes the data along to the router.
In the box are the Everything Set box, power supply, an Ethernet cable, and brief instructions. The first thing that makes the Everything Set Box different from other consumer-oriented network security appliances that I have worked with is that all of those products have a plastic enclosure. On the other hand, the Everything Set box is housed in a rugged, machined, aluminum enclosure with a machined heat sink on one face.
Setup is very simple.
- Plug the Ethernet cable into the WAN port on the Everything Set Box and the other end into an open Ethernet port on your router. The Everything Set Box has a pass-through LAN port in case your router doesn’t have an open port.
- Plug in the power supply and connect it to the USB C Port on the Everything Set Box
- Download the Everything Set app on your smart phone
- The Everything Set app doesn’t require a password. You next simply enter your cell phone number in the app and it sends you a code to enter in the app.
- After providing the app with permission to find and connect to devices on your network it goes through the process of locating the Everything Set box and connecting to it.
- Once found the service goes through the analysis of the network it is connected to and a study of the communications patterns of the devices connected to the network. This process can take up to 24 hours. The app allows you to enable notifications so you will receive one when the process finishes.
After a full 24 hours, I received a notification that the Everything Set Box had finished learning about all the devices on my network.
The app is well organized with three tabs.
- Devices – Shows a list of devices found by the Everything Set service. The list is organized by categories, including appliances, entertainment, mobile and computers, networking hardware, productivity, and smart home.
- Feed – Shows a list of all notifications, summaries, reports, and updates provided to the user. The list includes filters so, for example, a user can choose to only see the alerts sent by the Everything Set service.
Each day, the Everything Set service provides a simple-to-understand, daily summary of whether your devices are behaving as intended or if there have been any issues detected. In addition, the service provides the user with a weekly activity report.
I found the weekly activity report to be especially interesting. First, it provides a score to give you a quick understanding of the security state of your network. It then digs into the details of the amount of data being shared by devices on the network. Graphs are provided that show the activity of the most active devices on your network. There is also detailed information provided on the data traffic, including the number of messages sent, a graph of traffic volume by day, the number of locations contacted, and a breakdown of the traffic destinations by device category. Finally, the report includes information on the performance of the network’s internet connection.
After the 24-hour period, when the Everything Set service collected information on the devices on my network, the list of devices it recognized wasn’t perfect.
- There were 12 smart home devices that it listed as “uncategorized”
- An additional 13 devices were in a separate category called “uncategorized”
- There were some errors in how it categorized a few devices in my smart home
Unfortunately, there isn’t a way for me to resolve any of these issues myself. I have kept detailed notes on all the smart home gear installed in my home, where it is located, etc. The Everything Set app doesn’t currently allow a user to enter, or correct, any of the information it has about the devices on a network; even if the user has the information to correct mistakes it has made.
In addition, you can’t add any more information to the app. For example, if you have 10 smart switches in your home, it is important to know where each one is located. If you were to receive a notification in the Everything Set app that that one of your smart switches was exhibiting suspicious behavior, it can’t tell you where this specific switch was installed in your home. I have suggested to the people at Everything Set that they allow a user to enter additional information into the app for each device, such as the device’s location in the home.
According to Everything Set they are working on improving the service’s ability to identify devices on a user’s network. This will be aided by the fact that as more people install the Everything Set box and use the service the AI will be able to identify more IoT devices. And, again, according to Everything Set, an upcoming release of the Everything Set app will include the ability for people to edit their device information.
Everything Set Competition
Everything Set is strictly focused on network monitoring and the identification of compromised IoT devices. While the Firewalla and Fingbox are more general-purpose network security appliances, from a consumer prospective, a comparison between the Everything Set service and the Firewalla and Fingbox is natural. There are two primary differences.
First, the Everything Set service does the work to monitor your network for suspicious activity for you. It is constantly monitoring the messages being sent by IoT devices on your network for anything suspicious. When suspicious activity is detected, it immediately sends a notification.
The Firewalla also monitors all the communications activity of your IoT devices. For the most part, however, it just notifies the user when any IoT device sends data to the cloud, leaving the user wondering if that activity was suspicious or not. When using a Firewalla, I would receive so many reports of IoT devices communicating with the cloud that I would fall into information overload and simply ignore them all.
As I stated above, the second difference between the Everything Set service and these other network security appliances is that, at least at this stage of development, the Everything Set service is focused on detecting suspicious communications activity while the competitive products offer a wide range of other features. Some examples are the blocking of new devices that connect to the homeowner’s network, parental controls, the ability to detect open ports and network vulnerabilities, scheduling internet downtime, ad blocking, and providing a VPN (Virtual Private Network) service. Whether Everything Set will expand the features of the Everything Set service in the future to compete in more ways with competitive network security appliances remains to be seen.
Areas for improvement
There are a few additional ways I think the Everything Set service could be improved.
First, the device list needs to include a device’s IP address. An IoT device’s IP address may change over time but it is so much easier to check a device against the list of devices connected to a router or in a manufacturer’s smart phone app by IP address than by MAC address. A user should also be able to quickly search the device list to find a device with a specific IP address.
Second, more information needs to be provided in the help section in the Everything Set app. A perfect example is the help in the weekly summary for the efficiency test. The help tells the user that lower is better for latency and if they have a high score then your devices may seem like they are operating on a delay. However, there is no context provided for the user. What is a high score? What is a low score? Throughout the help process, more extensive information needs to be provided so a user isn’t put in the position of having to Google for additional details.
Lastly, I’ll start with a compliment before my critique. Everything Set’s focus on user privacy is a very welcome change in an industry that collects as much data as possible about its users. During setup they don’t even require a user to create an account and provide their email address. The Everything Set service routes all communications to users through their app as notifications on the user’s smart phone. However, with all the notifications that pop up on people’s smart phones, it is easy to miss one. It would be nice if there was an option for important notifications, such as an IoT device potentially being compromised by a bad actor, also being sent as an email to the user.
The Everything Set service is an emerging product. At the time of this writing it is being offered under an early access program. At this early stage in the product’s lifecycle, it has some problems properly identifying IoT devices connected to a homeowner’s network and doesn’t offer some network security features offered by competing products. What sets the Everything Set service apart is its focus on user privacy and the ability to warn a homeowner of malicious behavior by a device on their network without requiring the homeowner to be an IoT and networking expert.
It will be a welcome addition when the Everything Set app is updated so a user can edit device information to identify devices that the Everything Set service couldn’t and to include additional information, such as where each IoT device is located in a home.
Unfortunately, due to the use of ARP spoofing by the Everything Set service and competing products, only one can be used on a homeowner’s network at a time. Otherwise it would be a simple and not overly expensive option to install products from multiple manufacturers and to use the best features offered by each.