Asvin Provides Cybersecurity for the Internet of Things

ABOUT THIS EPISODE

"Star Wars fans may remember that the Death Star was destroyed due to a data leak."
Mirko Ross, Founder and CEO ASVIN, Podcaster Hackwerk

Executive Summary

We interview Mirko Ross, CEO of Asvin, a cybersecurity startup. During the interview, we touch on data leaks in Star Wars and on vulnerabilities in IoT, IoT devices, software, supply chains, and even in space (think cube satellites). Asvin provides many tools to uncover and fix these vulnerabilities. Mirko is also a cybersecurity podcaster at Hackwerk, which you can also hear on our internet radio station www.startup.radio.


"Botnet operators can take over millions of devices by simply scanning the internet and following up with a brute force attack."
Mirko Ross, Founder and CEO ASVIN, Podcaster Hackwerk


Find all Links and Show Notes on our Blog

https://medium.com/@startuprad_io/asvin-provides-cybersecurity-for-the-internet-of-things-b035203b70f 

Welcome to Startuprad.io, your podcast and YouTube blog covering the German startup scene with news, interviews and live efts alone.

Welcome everybody. This is Joe from Startuprad.io, your startup podcast and YouTube blog from Germany, today bringing you another interview, this time in cybersecurity, together with fellow podcaster Mirko Ross, who's today my guest.

Hey, Hyadin hi, thanks for having me in your show.

My pleasure. Um, we may tell a little bit about you, and I would just skim a little bit the surface of your podcast, because you're part of the team behind the cybersecurity podcast called Hackwerk, yes sure, which is of course also available on our internet radio station, startup.radio, together with Tyler Cohen Wood, and, um, you're also an IoT cybersecurity member for the European Union. Age You have been for the European Union Agency for Cybersecurity. So let's go a little bit through your life and how a Star Wars fan became a cybersecurity expert. Because for everybody who's not seeing this: behind him, there is some Star Wars stuff in the background of the video.

But that's a good point. We can talk about Star Wars and what is the relation of Star Wars and cybersecurity. Maybe people who are Star Wars fans out there know that a Death Star had been destroyed by a data leak, because the secret plans of the Death Star from the Empire had been leaked to the rebels, and the rebels got the plan and by that the ability to find the exploits on vulnerabilities of the Death Star and destroy the Death Star. That's the relation between Star Wars and cybersecurity. And of course we see a lot of data leaks currently ongoing. And believe me, it's not only the evil Empire who is in danger. It seems to me that everybody of us and the economy and the society is in danger of data leaks and cybersecurity breaches.

It is a pretty nice interpretation. 
I've actually never seen Star Wars as a story of cybersecurity, but from today on I will.

Yes, but coming back about my history, I mean I've started hacking as a teenager, and this is maybe a usual way. Often people are getting into cybersecurity if they are interested in computers, interested in computer systems, and then you start having a look on it, and if you have a look on it, then, if you're curious, you will...

...find as well the weak spots of such systems, and then you may level up to certain access you normally will not get as a regular user. So that was my step into cybersecurity. And then afterwards, um, I mean I never had been at the evil side, but as well I'm very closely related to the cybersecurity community and hacker community, even a member of the Chaos Computer Club, which is the biggest hacker community in the world. Um, I'm closely related to hacker ethics and the hacker community. So that's my background, and with that background, when I was starting working with IoT, Internet of Things, and helping companies to step into the Internet of Things, it was, on a certain level of my career, very clear that this will not be getting into a good direction if we will not fix the cybersecurity issues in the Internet of Things. And that's currently the point we are now. I mean, um, we have several vulnerabilities seen in the past with connected systems. Um, systems are getting exploited, companies are getting into danger, um, data is lost, um, even the critical infrastructure is in danger and stuff like that. So a lot of things are going on with this bloody internet, which is connected everywhere.

And well, I see. Um, going a little bit back, what I found interesting: positions are including member of the ENISA IoT expert group. That was for the European Union. Co-chair, AIOTI distributed ledger working group. Um, you have been an expert consultant for the European Bank for Reconstruction and Development. You're a board member of the twins foundation in Brussels. My brain always lose a circuit. Brussels: beer and chocolate.

Yes, and, um, I mean Belgium is also beer, chocolate and French fries.

French fries, yes, yes, exactly. 
Yes, there are some stations in my career where I'm always working with communities, and I always like to work as well with public authorities and regulatory makers, because it's very important that we are getting an interchange of ideas and that we share what we know from the cybersecurity community with other people, and that's why I'm still looking for close relations to, um, this kind of organizations, like the European cybersecurity network agency, the European Commission. You have named some, um, and I'm still working in several projects with the organizations where we are looking how we can increase...

...cybersecurity in the future, and if you know these organizations, they are not very quick usually. So there's a lot of talks and negotiations in the background. But if they are on a certain direction, they have the force to increase cybersecurity by regulations, and then they are really powerful. So that's why I think it's very important that the communities in the cybersecurity space are in a close interaction and relation with these big regulatory vessels and vehicles out there.

What I found interesting is that you're not only in cybersecurity, but you're also combining this with distributed ledger and IoT. Um, I do understand IoT in the past especially has been a pretty weak spot, because there are like zillions of little tiny devices, bigger devices, which are delivered to the new owners, and in some cases you, in the past at least, could not even change the password, and I do believe of the owners don't do it, like from the company set up, and so they're very easily taken over. And I would also be curious about your perspective on cybersecurity and distributed ledgers, because, um, a lot of people think, well, it's on many, many computers, and so it's also secure because there are many, many copies out there. But I'm not sure that there's a hundred percent security out there.

No, that's a good topic. So, first of all, what you have, um, mentioned are the zillions, trillions, whatever in the numbers of connected devices. And we'll get more and more, because this is the way how the Internet is developing. So everything will be connected. Even maybe the chair where we are both sitting on will be connected, your coffee cup, what else? It's the Internet of Things, it's the Internet of Everything which will be connected. That's why we have IPv6, for the people out there, because we need more IP addresses for all the trillions and zillions of stuff out there. 
Um, if things are insecure on large fleets, and you've mentioned, for example, IP cameras, these are really some of the worst products out there, because they are mass products, produced very cheap, used by consumers, with low security by design in there. Um, and of course these are the prior victims for...

...botnet operators, because easily you can scan the Internet, uh, for such devices and then just simply do a password brute force attack to find out: is it the factory setting password, admin 1234, admin admin and so on. By that you can take over, as a botnet operator, millions of devices and you can use them for your own purpose. And the main purpose, for example, is, um, denial of service attacks for rent, that's one. I've learned as well that many social media accounts, like on Instagram or Twitter, are operated by IoT botnets. So it's as well a revenue stream for the botnet operators. And for the higher level IoT devices, let's take some with more CPU power, and in the future it could be maybe a connected car, um, they're targeted, for example, as well for crypto mining, hijacking and stuff like that. So the world for cybercriminals is wide open with open IoT devices.

I'm actually not surprised when you talked about, uh, Instagram, because when I post something on Instagram, within ten seconds, within ten seconds, there is something like a comment, promoted on blah blah. I am diligently deleting those accounts and blocking those people from ever commenting again, but it's like a wave. I've seen that in the past on Twitter as well; for my feeling, it has become a little bit less. But what I actually vividly remember is when we posted English translations of bad news about Wirecard very, very early in the scandal. There was also a lot of pushback, um, in a semi-automated way, and I thought that is quite interesting that somebody really, um, tries to organize campaigns on social media for that.

I mean, post something with the hashtag Bitcoin on any social media channel and you see immediately all the bots jumping on that post. And you can easily identify bot accounts by just posting with some hashtags where the bots are monitoring and go into interaction, which is, I think, rather remarkable. 
Is that everybody out there who's buying Instagram accounts, and I know maybe there's some listeners who are doing that. I mean, you can invest a hundred bucks and buy your ten thousand followers for that. If you do that, you're feeding the botnet industries, you're feeding the cyber criminal organizations, because that's one of the revenue streams.

It's done by hijacked devices. So, um, you as a single person out there, who just wants to have more followers, and I completely understand the desire to have more followers, um, you just think, well, I'm buying that from a click farm or whatever, but these are really highly organized criminal infrastructures in Bland.

But I also experienced, um, you remember the days of what they called the big Twitter purge, when they, before the IPO or after the IPO, really got rid of a lot of, um, those, uh, spam and bot accounts. In a time before that, apparently somebody didn't like us, and within, um, I think twenty four hours, we had apparent, um, scams, spam accounts of more than a thousand who followed us within twenty four hours. It was becoming so bad that we reached out on Twitter with the tweet: hey Twitter, please help us.

Yeah, because it's bad for the reputation of your account. I mean, um, you don't need to use rocket science analytics to find out how many spam accounts and bot accounts are following towards your own social profile. And if we talk about social profiles and people who are buying, um, followers, to be honest, this is shiny. This is a shiny, nice picture for the first view, but if people really do a deep dive into your accounts, they will immediately identify that these are mostly paid followers, and I mean there is no reach for yourself except an insane number of followers. So it makes no sense to me to do that. But, however, it seems to me some people have the desires, so they're feeding us of a criminal industry.

Mm hmm, mm hmm. And as a founder of Asvin, you are also fighting that. You are a cybersecurity company. Um, I realized you are. Oh, one thing we completely forgot to talk about: the security in the distributed ledger.

Oh, yes, okay. First of all, why we and I like the distributed ledger idea. This is not about that. 
This is a more secure way to store and process data than in another system. That's the wrong perception. Um, the main idea is that it's more resilient towards, for example, manipulation, because there's integrity checks between all parties who are operating a ledger. Um, that's number one, and the second one is a decentralized network. So it's more difficult to tear it...

...down, a decentralized network, than a centralized network. So tearing down a powerful network of ledgers as an attacker is almost impossible, while tearing down a centralized service, for example by a DDoS, it's just a matter of size of the weapon you are using to a specific server address and the capability of the defender, how much he would like to invest on DDoS defending methods. So, um, that's why I personally like the ledger idea as well. It turns the Internet back from a centralized system, which we have seen currently in the past with the cloud and other stuff, that more and more power had been centralized in the web. With the ledger we can go for a decentralized system, um, which is as well a way of democratizing, uh, the Internet again.

I do believe that's the way the Internet is going into the future, a little bit or at least more decentralized.

Yeah, and cybersecurity is a strong driver for that, because the question is no more, in the future, about how can you protect a hundred percent? It's impossible. The question will be more about: is your infrastructure resilient enough to stand a cyber attack?

Mm, and my understanding right now is it's more resilient, the better distributed it is.

That's one of our assumptions.

Uh, I see. Before we get into your startup, complete second attempt, I was curious, um, can you tell for the audience out there what topics you and Tyler are discussing on your podcast and when you are actually putting episodes live?

Yeah, so normally, first of all, we try to do that every two weeks. Somehow, sometimes we are more busy or, um, even, like you know, like the guest list is sometimes a pain, to get really good people into the show, and we want to have a high quality show. Um, so what is the idea of the show? First of all, um, Tyler. 
She's in Washington, D.C., so she's bringing in the US perspective, which is very important, and as well she brings in the diverse perspective on cybersecurity because, to be honest, cybersecurity has been in the past a male, white dominated space. So having Tyler in the show, bringing in her diverse perspective and bringing in her, let's say, tech,...

...the style of solving the problem, it's a very good mix, because I'm more the European white guy, born and educated in cyber hacking communities and stuff like that. So let's say that's the tension in the storyline of our podcast show, and we always invite one, usually one guest, sometimes two guests, into the show to discuss a very specific cybersecurity topic, for example botnets. And by that, uh, we're looking to invite the most excellent people in their space to talk about this topic, but not doing a nerdy tech deep dive topic, just like having a conversation like you and me, so that people are getting a better understanding of what is the problem, how can we solve it? What is the future? How do I protect myself? Is it affecting me? Is it affecting you? Who are the bad guys? Why are you doing that? The hell? Um, and sometimes even we are developing own evil ideas, like if I'm a bad guy, I would do it like that way, not to give people out there hints to do that, but as well to have a look over the horizon, because we need that in the industry.

I vividly remember it from a time as a consultant, Big Four. If you go into forensics, the guys who helped to solve problems, um, prepare investigations and stuff like that, those guys are the ultimate arch criminal. They have seen so much, you can just hope that they've never turned bad. It's incredible.

Yeah, and to be honest, it's a little bit really the same. I mean, we had some ideas how we can completely erase your life from earth just by combining cybersecurity and, let's say, medical technologies. Um, so, of course, but you need this super evil thinking, because otherwise we are so focused on the current and we don't see what's upcoming next.

It kind of reminds me, when you guys start your regular show, are you guys going: hey, Mirko, what are we going to do today? The same as every night, Tyler? Conquer the world, like Pinky and the Brain, destroying the world or something like that. 
Um, yeah, and I mean that's one aspect, but the second aspect is as well finding always a positive ending of each show, which, I mean, if you are in the cybersecurity space, you can get completely desperate about the situation, but it makes no sense, as if we are desperate, um, we can't move. So...

...of course we need a positive ending. So what are the next steps? What are good steps? Um, how can we make the world and the things out there better towards cybersecurity? That's as well a super important approach. And if we fail, my answer to Tyler, because she is from the US, it's always my answer: look, then let's go for the American way of solving a problem. We will just drone strike the cyber criminals.

Yeah, that is a pretty good choice, um. But now, third attempt. Let's talk a little bit about Asvin, your startup. I've seen you doing this in partnership with the X C, um, the German Alliance for Cybersecurity, in German Allianz für Cyber-Sicherheit, and Startup Autobahn, Plug and Play. I was pretty impressed when I went through your website, and I've seen you won many awards, including the German Startup Cup for cybersecurity. You made number one, top spot in twenty twenty, um, the winner of it-sa award best cybersecurity startup, and Cybersecurity Excellence Award, winning twenty twenty two. So question upfront: is it just you, or is there a team of very, very smart people who like to play around with war stuff during worktime?

No, of course, being a successful venture and startup is always a team play. So of course it's the team in bound. I'm a little bit more the front runner of the show, but it's a very skilled team behind, and it's an international team. So it's me for you, it's Rob van Kranenburg from Belgium. It's Rafael Yahalom from the MIT in Boston, um, Rohit, our CTO, and my co-founder. So there's a couple of people in the C-level, um, which are, to me, the best folks I can get, thought leaders in their topics, and yeah, working with them together on adventures to me is a great benefit, and even nothing for our customers. Ah, it is as well the best benefit they can get, of course, for sure. And all the excellence and awards, and you just named a few of them. 
Our wall in the office is full of awards. Great, but it shows as well that we're doing something completely right, that we are heading to the right direction. And when we had started with cybersecurity, I mean let's say the first steps with the company we did early two thousand nineteen, the former steps on product development and stuff, cybersecurity was already, I think, um, an emerging topic, but now it's a hot topic, and so we are at the right time, um,...

...the right products here in the market.

Mm. Talking about products, I've seen your work, which especially caught my attention again: supply chain, distributed ledgers, IoT fingerprints. And then, before we start explaining all this stuff, what is this all about? Because on your website there is bee hive, there's and their cause. Their track counts any rise?

Yeah, so first of all, uh, what is our main mission and vision? So we had a look on the IoT space and we think that cybersecurity and IoT is a super mess and will become more and more a super mess. So we need to provide specific tools and services for our customers to get the things on the right track, and by that we have built up a suite, a product suite of different services. One service, for example, is how can we identify an IoT device by a unique fingerprint, and a unique fingerprint is, now for the people out there, it's a physical unclonable function, which means there is something in there on the semiconductor level, on the memory level of an IoT device, which can't be changed. And because it can't be changed, you can use it to create a unique fingerprint. Now why is it so important to have a unique ID of an IoT device? Well, for example, think about you're operating a factory and you're getting data from sensors out there to control your factory. Um, the sensors are in need of unique fingerprintings because they are essential deliverers of data for your factory control systems. If I would be an attacker and I will just replace the sensor by myself, I can inject malicious data, for example, into the factory systems and by that forcing the factory systems to do something completely different from what they want. This could be a digital sabotage, it could be a way of ransom. Um, so there are many ways how companies are getting in danger. So fingerprinting and IDs of assets are super essential at the beginning, and on top we've built several other stuff. Um. 
One important thing you have mentioned, supply chain, and this is a huge topic, because many, like an IP camera, is already a complex product, IoT product, because there are many components in there, shipped from different locations and sides of the world. For example, a wireless LAN module in there, which comes usually from China, and there is a fully Linux operating system on it. Um, how many companies who are producing these cameras really know what kind of software stacks are on this wireless LAN module? To be honest,...

...not too much. And by that, um, as it is a complete Linux stack, you can do a lot with that. Um, and the worst thing is, of course, that there are backdoors in there and data is getting leaked to other sources. Um, but this is, let's say, still a quite simple IoT product. But think about a car. Um, a car is a super complex IoT product. Hundreds, thousands of suppliers at the back end, um, and they are supplying components where software is on it. And if you want to secure a car in the future, you really need to be sure that your supply chain is safe and secure, and for this case we are providing solutions where you can track and trace the provenance of software, for example, like a specific software which is installed and running on a car. Where is the software coming from? What kind of quality management and security testing had been done towards the software? How many hands of suppliers had this particular software in their own processing, and stuff like that. So that's super interesting. And for cars, I think it's quite logical, because cybersecurity is tied to safety, safety of passengers and car drivers, of pedestrians, of other people in the traffic. So, um, this is then not only about cybersecurity, it's as well about safety. And you can take more and more examples, medical products and so on. Um, so it's a huge space, and software supply chains are critical.

Yeah, I've seen you're working not only in smart cities; the industries you're covering: logistics, automotive, but also telecoms, and I found space.

Yeah, I mean, you know I like space industries, and space is a super, super interesting, um, topic towards cybersecurity, because for the people out there who had a look in space industries, maybe they know SpaceX and other stuff. 
So the space industry as well is transforming. It's like, if you look in the past, there had been these big rockets like a Saturn V, where you were flying to the moon, which were super expensive, super big, and now the space industry has turned more to a private industry where small rockets with small payloads are shot into the low orbit space. Um, there are many new satellite companies out there with so-called CubeSats. That's very small satellites, the size of a Rubik's Cube. That's why they're called CubeSats, um, and the satellites are deployed in thousands, hundred thousands. So there are estimations that we will have...

...soon more than a hundred thousand small and CubeSats in the low orbit, and now many of them are operated by startups and other ventures. Satellites are now built on an industrial level, industrial size, um, so they're using more and more software from the shelf, like Linux, on it. By that they're as well deploying, um, vulnerabilities from their software supply chain on satellites and on all these units used to launch satellites and stuff like that. So the space industry, ah, is facing more and more all the problems of cybersecurity we have in the traditional industry as well.

Mm, I see. And basically how you counter this is what we just talked about, all those, um, names associated with the animal kingdom, um, Bees and past track counts and egalized, right?

Yeah, exactly, I mean that's our way how we name our products, um, and for example, if we take tracehund, tracehund is the way how you can track and trace software in supply chains between different suppliers; egialize is the possibility to have analytics and monitoring on these, uh, supply chains. So we have created different sets and services which allow our customers to manage these upcoming cybersecurity challenges.

Mm, I see. Um, two more questions, because we are already running in more than thirty minutes of recording. How are you guys currently funded? Are you open to talk to potential investors?

Yeah, um, we are seed funded. So we had closed the seed funding earlier this year, um, and it was a two million seed round for us, which helps us to further develop our traction this year and, let's say, at the beginning of next year. And of course, we are open for investors, because we have big plans. We want to grow, we want to scale up. So by that, um, we will of course go for our next investment round. 
So, um, we will prepare our investment offer, and if you are an investor and you're looking for cybersecurity and supply chain security, then get in touch with us and we can discuss the details for the next round.

Great, only one more question left. Are you guys currently hiring?

Yes, we're hiring, and have a look on our website. I mean, there are plenty of positions open, and as well, you can find me everywhere on Twitter. So on...

...Twitter, on LinkedIn. If you think you want to step into cybersecurity or you're an expert in cybersecurity, ah, just get in touch with me, drop me a message and then I will link you to the right persons to discuss about the position.

I actually will link in the show notes of this interview your website. It's asvin.io/jobs, so that will be also available. Mirko, thank you very much, it was a pleasure talking to you. Hope to have you back and a lot of more Hackwerk podcasts on our radio station.

So thanks for having me in your show. Thank you. Have a great day.

Yeah, thanks, bye bye.

That's all, folks. Find more news, streams, events and interviews at www.startuprad.io. Remember, sharing is caring.
