We've built Canary from the ground up with security in mind. Recent DDoS attacks targeted IoT devices that have specific security vulnerabilities, and Canary has built protections against these. These devices were vulnerable because they didn't force users to change the passwords that connect the devices to the internet, leaving the devices with default passwords and allowing the attackers to leverage these IoT devices.
Canary devices are different and not vulnerable to these types of attacks for three key reasons:
- Your Canary does not respond to inbound requests. Inbound requests are how the attackers were able to leverage these unsecured IoT devices with the default passwords. Canary devices have no listening ports, which removes the ability to log into a device.
- Canary connects directly to Canary Services through authenticated and encrypted channels.
- We perform signed firmware updates to keep all Canary devices up to date with the latest, most secure firmware. This prevents the installation of malicious firmware and keeps Canary safe and secure from attacks of this nature.
Security is of the utmost importance to us, and we've built Canary to be one of the most secure IoT devices available.