Former Dyn exec spins up IoT security startup to avoid the next Mirai
The former head of the company that was at the center of the Mirai botnet attack is now jump-starting a new venture that aims to protect the devices which were co-opted into the attack.
Minim, an internet of things security startup based in Manchester, N.H., announced on Monday that it has brought in $2.5 million in seed funding.
The genesis of Minim is rooted in that 2016 distributed denial of service (DDoS) attack that targeted DNS provider Dyn and paralyzed several popular websites. Minim CEO Jeremy Hitchcock co-founded Dyn and served is its CEO until a few months before the attack.
“The Dyn attack was a huge red flag,” Hitchcock told CyberScoop in an email. “It showed that IoT device hacking is easy (accomplished by a dorm room Minecraft scam for fun), undetectable by the average consumer, and a big problem for internet services such as Dyn.”
Mirai leveraged hundreds of thousands of vulnerable smart devices — fridges, lights and TVs, for example — to overwhelm Dyn and bring down dozens of sites, including Twitter, Github and PayPal, among others.
Hitchcock said that internet infrastructure companies — the Dyns of the world — are working the issue out, but that a gap remains for everyday IoT device users.
“Homes and small businesses with smart thermostats, webcams, doorbells, TVs, etc. are still in harm’s way,” he said. “Minim is focused on the fundamental problem of identifying how consumer IoT devices behave, and how they should behave, on a network. We believe this lack of clarity holds back consumers and their service providers from controlling, optimizing, and securing their connected devices.”
At its heart, Minim is a platform that fingerprints monitors IoT devices in the home, specifically for threats and vulnerabilities that make attacks like Mirai possible. Hitchcock says Minim looks to see if a device can be exploited and takes steps to mitigate its weaknesses.
The CEO explains that the threats extend beyond just DDoS attacks. Connected devices can be hijacked to access other devices on a network and expose data. In other cases, IoT hacks can cause direct harm or damage to things outside of computer networks.
“A good example of this is a hacker shuts off an HVAC system while you’re away in the winter, and the pipes freeze. Or, a bad actor manipulates your baby cam in the home,” Hitchcock said.
Minim now is primarily marketing to internet service providers, which Hitchcock says are seeking to reduce on-site customer support and help customers remotely manage IoT security. But the company plans to extend its services directly to consumers soon.
“Network and security management has has not yet caught up to the number and complexity of IoT devices,” Hitchcock said. “It’s driving support calls, support headaches, returned consumer electronic devices, and general fear of implementing IoT.”
The seed funding round was led by Flybridge Capital Partners and Founder Collective.