A Brief History of Symbiote Defense

Frank Wang
Oct 16, 2017

Salvatore Stolfo came to MIT to give a talk about his work on symbiote defense. It is very interesting work and is now part of a startup called Red Balloon Security, which deploys this technology in Hewlett-Packard printers.

The motivation for this work is that there are billions of IoT (embedded) systems with no anti-virus. More and more of these devices are being deployed, and the number of IoT hacks has made vendors more aware of the potential threats. Consequently, the IoT security marketplace is growing 35% annually.

The journey toward hardening these embedded systems started with a global vulnerability scan. In that work, they scanned the world (minus some sensitive IPs), identified embedded devices available to the public, and tried default passwords. They managed to access and “own” 102,896 devices because 1 in 5 embedded devices was configured with the default password. After this research, rogue router botnets started to appear, but apparently, no one really cared about routers. So, they moved on to printers.

They found known vulnerabilities in the third-party libraries in HP printer firmware. They also found vulnerabilities in Cisco IP phones.

Figure: Some known vulnerabilities in HP printer firmware

The next challenge is to design a “one-size-fits-all” security solution for embedded systems. They need to embed a low-cost intrusion detection system (IDS) that cannot and will not be signature-based. They also need to inject the same embedded IDS into all devices, legacy and new. What helps is that, for these IoT systems, the product function is fixed, i.e., printers don’t play games and routers don’t scan other routers. The idea is to use continuous attestation. This resulted in HP’s run-time intrusion detection, which provides in-memory monitoring for malicious attacks. To learn more about the research, I refer you to their paper.
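A minimal sketch of continuous attestation for a fixed-function device, as an added example (not the speaker's or HP's code): since the code is not supposed to change, digests of static memory regions are enrolled once and re-checked at random while the device runs, with no signatures involved. The region size, the FNV-1a hash, the xorshift region selection and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define REGION_SIZE 64  /* bytes per attested region (assumed) */
#define MAX_REGIONS 16
/* FNV-1a: non-cryptographic stand-in; a real monitor needs SHA-256 or a MAC. */
static uint64_t fnv1a(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

typedef struct {
    const uint8_t *base;             /* start of the static code/data being attested */
    size_t nregions;
    uint64_t baseline[MAX_REGIONS];  /* digests captured at enrolment */
    uint32_t rng;                    /* state for randomized region selection */
} attest_t;

/* Enrolment: record one digest per region while the image is known-good. */
int attest_enroll(attest_t *a, const uint8_t *image, size_t len, uint32_t seed) {
    if (len == 0 || len % REGION_SIZE || len / REGION_SIZE > MAX_REGIONS) return -1;
    a->base = image; a->nregions = len / REGION_SIZE; a->rng = seed ? seed : 1;
    for (size_t i = 0; i < a->nregions; i++) a->baseline[i] = fnv1a(image + i * REGION_SIZE, REGION_SIZE);
    return 0;
}

/* One check: re-hash a pseudo-randomly chosen region; -1 if intact, else its index. */
int attest_step(attest_t *a) {
    a->rng ^= a->rng << 13; a->rng ^= a->rng >> 17; a->rng ^= a->rng << 5;  /* xorshift32 */
    size_t i = (a->rng >> 16) % a->nregions;
    return fnv1a(a->base + i * REGION_SIZE, REGION_SIZE) == a->baseline[i] ? -1 : (int)i;
}

/* Run `steps` checks, as a periodic task would; first modified region or -1. */
int attest_run(attest_t *a, int steps) {
    for (int s = 0; s < steps; s++) { int bad = attest_step(a); if (bad >= 0) return bad; }
    return -1;
}

int main(void) {
    static uint8_t fw[4 * REGION_SIZE];  /* constructed stand-in for a firmware image */
    attest_t a;
    if (attest_enroll(&a, fw, sizeof fw, 7) != 0) return 1;
    printf("clean: %d\n", attest_run(&a, 1000));
    fw[130] ^= 0x01;                     /* simulate an in-memory modification in region 2 */
    printf("tampered: %d\n", attest_run(&a, 1000));
    return 0;
}
```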

This is very interesting and practical work. It was interesting to hear about their journey from an academic project to real-world impact!

MIT Security Seminar

Summary of talks from the MIT security seminar

Frank Wang

Written by

Investor at Dell Technologies Capital, MIT Ph.D in computer security and Stanford undergrad, @cybersecfactory founder, former @roughdraftvc
