A phone displaying the Xfinity xFi app.
Cyber Security

How Artificial Intelligence is Protecting Connected Homes

By Santeri Kangas

HOME   |   INTRODUCTION   |   XFI HEALTH REPORT   |   SURVEY   |   THREATS   |   Q&A   |   TIPS

Historically, cybersecurity protection was one step behind bad actors. Hackers would devise a way to exploit a piece of consumer technology, usually to steal data. Technology makers would then push out a “patch” to all their customers to address the issue and protect customers. Unfortunately, this reactive approach doesn’t help people who have already been victimized by an attack. And, as soon as hackers realize their original method of attack no longer works, they would find new vulnerabilities, and set off a new cycle of exfiltration and patching all over again.

When we developed the technology behind CUJO AI, we wanted to break this cycle and be one step ahead of the attackers. To do this, we created a continuous “learning” system that employs its cumulative knowledge to recognize and prevent attacks before damage can be done. It’s similar to how, in the real world, if you see a person walking into a bank wearing a Halloween mask and carrying an empty bag, you would probably notify someone of a potential bank robber.

How can you create a system that can do this kind of thinking? Through artificial intelligence (AI). By using AI, security systems can “learn” what’s normal and what isn’t for devices on a network — and then use that information in the digital equivalent of blocking the person wearing the Halloween mask from entering the bank. Until now, this kind of technology was only available in high-end security systems used in large corporations. In a revolutionary step forward for consumer cybersecurity, Comcast partnered with CUJO AI to provide this capability to its customers on a massive scale through xFi Advanced Security.

The paramount reason for taking this step was to protect the wide array of smart devices in the connected home – from doorbell cameras to network storage devices, streaming video players, printers, and smart appliances. And while all of these connected devices have made our lives more productive, automated and enjoyable, they bring new risks. Most people install these devices and forget about them – especially when it comes to updating their firmware or installing software patches. This leaves a lot of “open windows of opportunity” in connected homes for hackers to exploit.

And we know their playbook. These hackers run massive scans across the Internet to identify networks and devices with vulnerabilities and then exploit them with scary-sounding malware like “IoT Reaper” and “Gafgyt.” Once a connected-home device is compromised, the malware typically scans other home network devices to spread a virus. From there, the hacker can look for sensitive data or use the compromised machines as part of a “botnet” to attack a larger target, such as a corporation, government agency, or large retailer.

This is why we built CUJO AI to run in the cloud and protect each connected home by analyzing and blocking threats in real-time at a customer’s broadband gateway before the traffic enters the home. We have more than 750 million devices under protection, which gives us a lot of data to learn from so we can understand how those devices are supposed to act under normal circumstances.

750M

Devices under protection

By using AI, security systems can “learn” what’s normal and what isn’t for devices on a network – and then use that information in the digital equivalent of blocking the person wearing the Halloween mask from entering the bank.

For example, suppose a customer installs a specific smart thermostat or video doorbell. In that case, our system recognizes the vendor, model number, software version it is running and its expected network traffic – such as sending information to specific servers in California at a certain time each day. If that device starts acting abnormally – sending traffic to new locations or at different times of day – then we can block it, analyze it and notify the customer it was addressed.

Even for brand new devices, it only takes about 24 hours for our system to analyze, understand, and profile them for monitoring going forward. So, with each device added, CUJO AI’s “brain” gets that much smarter about how to protect your connected home.

Getting the benefit of this AI technology is easy for Comcast customers – simply download and log into the Xfinity app to activate xFi Advanced Security for free. Once that’s done, malicious traffic is stopped at your “digital front door” — your xFi Gateway — and your connected home will do exactly what it’s supposed to do: make your life better.


Santeri Kangas is CTO of CUJO AI

© 2021 Comcast