Tomorrow the company, Red Balloon Security, will present proof that its security software, the “symbiote,” can protect a standard IP office phone from malicious attacks.
And this IP phone demo is just the beginning. Eventually, the symbiote could protect virtually any connected device you can think of. The developer, Ang Cui, a Columbia PhD student in computer science, has spent the last five years developing attacks on, and defenses for, vulnerabilities in embedded devices.
“Really [IP phones] are just computers too, and they’re running these super secret proprietary operating systems that very few people have actually seen, and very few people have actually tested the security of,” Cui said in a recent interview. “And you know, the work that we’ve been doing in the lab is to show that those things are just as insecure as the general purpose computers you have, and once you exploit those things there are definitely advantages to that over just getting root access to a server somewhere, which is what everybody in security largely has been focused on for the last forever.”
The symbiote is a tiny piece of code, about 200 bytes, that is injected into an IP phone’s kernel without impacting computing speed or device functionality. It is operating-system agnostic, meaning it can run on and monitor any device without being tailored to a specific OS. It runs in the background and randomly samples executed code at regular intervals to ensure that nothing unusual is going on. Without knowing the specifics of an OS, the symbiote can still establish a baseline for normal behavior in a device using functions that are shared among different types of firmware and can reasonably be expected to be present.
The next step for Red Balloon Security is finding a large-scale network environment in which to run a pilot of the symbiote. If things go well, this could present a new generation of protection for smartphones, tablets, and anything that we connect or plug into them.