The Internet of Things is a security problem. The Mirai botnet attacks drove the point home in October, but security experts have been warning about these weaknesses for years, providing endless demos about how a hacker might break into your baby monitor or seize control of your thermostat. There are more and less secure devices, but they all share the same basic weaknesses: they’re underpowered, making it hard to implement serious security systems, and their basic functions require them to accept requests from anywhere on the web. That combination makes them easy targets for hackers, who can use the devices to build botnets or launch ransomware attacks. And since those aren’t the kind of problems you can fix with a software patch, the security world has been at a loss for what to do.
Today, Norton announced a new approach to the problem: building a better router. Arriving this summer, the Norton Core is pitched as a single device that will keep your smart things in line. Instead of trying to secure devices one by one, the Core solves the problem at the network level, using the router as a hub to monitor traffic from every device at once. Your thermostat likely doesn’t have the processor power to run robust malware checks, but the Core does, and since it sits between the devices and the wider internet, it also has the power to block and quarantine devices as soon as something fishy turns up.
In hardware terms, the Core is basically a high-performance router in a cool-looking shell. It has a dual-core processor to power those virus scans, and dual-band antenna to support up to 2.5 Gbps of bandwidth. It’s not an out-of-the-box mesh system, like Google Wifi or Eero, but it does share some of the aesthetic properties and smartphone-based controls as those systems. I didn’t get the chance to test the Core rigorously, so it’s hard to say how it stacks up on delivering bandwidth, but at $279 for a single unit (or $199 on preorder), you won’t be paying too much extra for the security features. Those high-performance specs also mean the Core has enough processor power to run robust internal security checks and automatically download patches, making the device itself significantly less vulnerable.
Of course, the main difference between Core and the competition is how it handles network security. The Core uses deep packet inspection to scan incoming traffic for known malware, long a staple of corporate IT, and it can also use intrusion detection techniques to check for malicious traffic between devices already on the network. If any of your devices are behaving strangely, the Core will have the right vantage to spot the activity and isolate the device, sending an alert to your phone with options for further action. It’s the kind of technique that’s already standard in many corporate networks, but has been much harder for everyday consumers to find.
New protections based on network surveillance
Some of the Core’s most effective security measures are already available if you’re willing to put in the time reconfiguring your home network. The Core’s single most important protection is network segmentation, which lets you put IoT devices on an entirely different network from the rest of your devices. That way, if a hacker does compromise your smart lightbulb, they won’t be able to use that access to steal your banking password or plant ransomware on your laptop. Security experts have been recommending this setup for a while, and while it’s entirely possible to build it yourself, it’s a lot more work than most users are willing to do. The Core sets up a more dynamic version of those segmentation powers out of the box, quarantining devices as soon as a possible compromise is detected.
These protections are all based on network surveillance, just like the equivalent corporate IT systems. Norton’s policy is to only collect anonymized data on confirmed threats, just like the antivirus product, so the Core won’t snoop on your web traffic or use its view of your network to target ads. But even when it’s your own device scanning your own network, the result can get a little creepy. Like the Eero and Google Wifi, the Core gives you a clear view of all the devices that have used your network over a given period, including timestamps. That lets you check for suspicious access, but it also gives you a surprising amount of detail on everyone else. If you’re curious about whether your daughter’s boyfriend stopped by the house while you were out, you can see log-on times down to the minute on the Core app. That kind of information has always been available to network operators, but it was typically hidden in logs that were hard to find and even harder to read. Putting it in comprehensible form feels like a a natural next step. If you have the information, why not see it? Still, it could easily lead to something I can only describe as Evil Dad surveillance.
Those powers become even more ominous when combined with content filtering. Using Norton’s ConnectSafe DNS system, the Core can block specific forms of content — not just websites associated with malware or spam, but also with pornography, cigarettes, or abortion. That’s not an entirely new feature, and content filtering is already available as an option in lots of network security software. But as routers get smarter and information becomes more available, Evil Dad surveillance will only get easier.
As impressive as the network protections are, the Core is also deeply tied into Norton’s basic anti-virus scanning software, which could be the biggest downside for anyone considering buying the device. The Core’s purchase price includes a one-year subscription to Norton for the router itself and any other devices on the network, with subscriptions running $10 per month after that. As a business move, tying the Core to Norton’s antivirus software makes a lot of sense — it’s still the company’s core product, even as the rest of the industry is moving away from signature-based scans — but it’s easy to see how it would be frustrating for users who are locked into competing services.
Still, the end result is a good answer to a hard problem. Moving security scans from the computer to the router is a great idea — maybe an inevitable one — and Norton has spent a lot of time getting it right. The Core won’t fix infrastructure-level issues like the Mirai botnet, for the simple reason that most people won’t buy it. (Even if Norton’s new router is a runaway success, it will only put a tiny dent in the tens of millions of devices infected with Mirai.) But right now, there simply isn’t a good way to lock down a home camera or smart thermostat without hours of tinkering. We’ll have to wait until summer to see how the Core holds up in practice, but in the meantime, it could be one of the more interesting ideas to come out of this year’s CES.