Sternum’s Free License for OpenWrt Devices: Eradicating the Issue of Trust in IoT

The number of IoT-connected devices worldwide is expected to approach 30 billion by 2030. This is more than double the 13 billion estimate for 2022. With this many devices, it is worrying that there is still no security standard established for IoT devices until now.

Unfortunately, not many pay attention to IoT security. Verizon’s Mobile Security Index 2021 report shows that around 52 percent of organizations sacrifice IoT security to “get the job done.” IoT end users are also unlikely to be bothered by the possible security risks that come with using unsecured devices.

This should not be the case, as IoT devices are increasingly playing major roles in cyberattacks. For example, they are used in DDoS attacks, and vulnerabilities in such devices facilitate access to networks or the stealing of login credentials.

One company is trying to change the way organizations view IoT security with the announcement of its free license for OpenWrt devices. Sternum, an autonomous security and observability platform, seeks to make device security more accessible and help address the growing threats around IoT devices by making its platform free to use.

Sternum’s Free License for OpenWrt Devices

In late July 2022, Sternum announced the decision to provide its autonomous security and observability platform free for OpenWrt devices. “Using this license, OpenWrt users will be able to activate Sternum security and observability solutions on their own on up to 3 devices,” Sternum CEO and Co-founder Natali Tshuva wrote in a blog post.

The free license announcement marks the first time for a security solution to be made free for IoT devices. Tshuva explained that the decision to make their platform freely available was aimed at setting a standard of openness and trust-led growth in the IoT security industry. Tshuva added that there are plans to expand the free license to other Linux and RTOS variants such as Zephyr, VxWorks, and FreeRTOS.

Addressing IoT Security Trust Issues

So how does Sternum’s decision to make its security platform free for OpenWrt devices solve the IoT security trust issue? As Tshuva mentioned, Sternum seeks to promote openness and trust-driven growth in IoT security. It is difficult to establish openness when the opportunity to test security products is paywalled.

Tshuva explains that one of the reasons why organizations do not accord IoT security the attention and priority it deserves is the lack of trust. Security solutions may be available, but not many are convinced or compelled to give them a try because of distrust. “The (IoT security) space is quickly becoming saturated with players that make impressive marketing claims but fail to deliver during the evaluation phases,” she writes.

It is frustrating to invest time and effort in getting familiarized with a security solution only to be disappointed with the results. To emphasize, IoT security is just a fraction of the overall cybersecurity of an organization. Adopting an IoT solution entails the need to integrate it with the rest of the security controls and security posture management system. In the modern cybersecurity paradigm, security controls cannot be left to operate independently lest they result in silos that end up becoming vulnerabilities. These vulnerabilities can serve as ways for threat actors to defeat or get around cyber defenses.

Sternum’s free license for OpenWrt devices is a way to “flip the script and win back user trust – to create easier ways to experience IoT security solutions.” Tshuva says that this has already been done in other industries, so doing the same with IoT makes sense. “Here too, putting the product into the hands of the users, and allowing them to reach their own conclusions, can be a powerful way to win back user trust, boost adoption and help disregard all of those past disappointments,” Tshuva notes.

Enabling Autonomous Security and Observability

Sternum offers autonomous security and observability platform to help device makers ensure that their products have real-time protection and autonomous threat monitoring. This embedded self-protection platform designed for low-resource devices provides active threat mitigation for any kind of device with its patented exploitation fingerprint technology.

Sternum offers device manufacturers an out-of-the-box product security solution that prevents vulnerability exploitation in real-time. It is capable of protecting virtually all product components (software side) including third-party libraries. This allows manufacturers to optimize product delivery in the aspect of cybersecurity, making it unnecessary to undertake repetitive debugging and endless patching.

Providing a centralized security data platform, Sternum establishes reliable security visibility that delivers accurate and consistent real-time data from various devices. This keeps security teams constantly informed about emerging threats and new vulnerabilities. Moreover, it is designed to work across different environments or operating systems with its generic direct-to-binary approach and self-monitoring function.

Restoring Trust in Security Solutions

Sternum has an impressive list of features, which include the following:

• The streamlining of security compliance for a multitude of devices at the same time
• Deterministic in-device protection that includes comprehensive defense against thousands of attack vectors, including a high 96.5 percent memory-related vulnerability prevention
• Zero-day mitigation, as demonstrated by Sternum’s blocking of Ripple20 vulnerabilities
• Supply chain security that includes the protection of firmware and third-party libraries
• Patented AI technology for detecting anomalous activities in real-time
• The generation of a detailed timeline of all system changes to facilitate attack flow evaluation and root cause analysis
• Integration with Linux and RTOS devices, including direct CI/CD integration

These may sound too promising—even incredible to some. However, with the Sternum autonomous security and observability platform made free for the wide range of OpenWrt devices, organizations get the opportunity to prove if the features and outcomes advertised are real or attainable.

IoT security cannot continue to be placed on the back burners. It is time to have IoT security standards. While standards are yet to be discussed and agreed upon, it is important to use available security tools that can enable security for IoT devices. For IoT manufacturers, trying out Sternum as a free security solution on their devices is a great start.