The Growing Security Concerns in the Internet of Things

A significant security challenge plagues the Internet of Things (IoT). Over the last ten years, there has been a rapid proliferation of internet-connected devices, ranging from simple sensors to sophisticated webcams and smart home technologies. Frequently, these devices are mass-produced with minimal attention paid to security considerations.

Compounding this issue, many manufacturers fail to address identified security vulnerabilities. Others omit the necessary software update capabilities required for distributing security patches.

Thistle Technologies: A New Approach to IoT Security

Window Snyder, a security expert, believes a more effective solution exists. Her new venture, Thistle Technologies, has secured $2.5 million in seed funding from True Ventures. The company’s objective is to assist IoT manufacturers in reliably and securely deploying software updates to their devices.

Founded last year, Thistle Technologies derives its name from the flowering plant known for its protective prickles. “It’s a defense mechanism,” Snyder explained to TechCrunch, a fitting analogy for a company focused on defensive security technologies.

The startup intends to support device manufacturers lacking the internal expertise or resources to integrate update mechanisms into their device software. This will enable them to receive crucial security updates and enhance their defenses against evolving threats.

“We are developing the tools to simplify this process for them,” Snyder stated. “Their primary focus should remain on building customer-facing features.” Prior to establishing Thistle, Snyder held prominent cybersecurity roles at leading technology companies including Apple, Intel, and Microsoft. She also served as chief security officer for Mozilla, Square, and Fastly.

The Increasing Threat Landscape

Thistle’s emergence coincides with a period of heightened need for IoT security. Malicious actors routinely scan the internet for devices utilizing weak default passwords. These compromised devices are then exploited to launch distributed denial-of-service (DDoS) attacks, overwhelming victims with internet traffic and disrupting online services.

In 2016, the Mirai botnet orchestrated a record-breaking DDoS attack against Dyn, a major internet infrastructure provider. This attack caused significant outages for prominent websites such as Shopify, SoundCloud, Spotify, and Twitter. At the time, Mirai had already compromised thousands of IoT devices.

Furthermore, attackers often target IoT devices as an initial entry point into a victim’s network. This allows them to launch further attacks or deploy malware internally.

Legislative Efforts and Compliance

Given the limited proactive measures taken by device manufacturers, legislators are considering regulations to address common security shortcomings. These include the use of default, unchangeable passwords and the absence of update mechanisms.

California led the way with an IoT security law passed in 2018, followed by the U.K. in 2019. Currently, the U.S. lacks a comprehensive federal law establishing baseline IoT security standards.

Snyder suggests that impending IoT cybersecurity legislation could provide “an accessible pathway to compliance” for manufacturers, potentially reducing the need for extensive security engineering teams. Implementing an update mechanism also extends the lifespan of IoT devices—potentially by several years—by enabling the delivery of fixes and new functionalities.

“Developing the infrastructure to maintain device resilience and deliver ongoing functionality through software represents a significant opportunity for manufacturers. I am building a security infrastructure company to address these needs,” she explained.

Future Plans and Investor Confidence

With the seed funding secured, Thistle Technologies is prioritizing the recruitment of device, back-end engineers, and product managers. The company is also actively pursuing partnerships with device manufacturers.

Phil Black, co-founder of True Ventures, described Thistle as “a logical and timely advancement in security technologies.” He further added: “Window embodies the qualities we seek in founders—deep domain expertise, respect within the security community, and a strong commitment to industry evolution.”