The Privacy Paradox with Anna Maria Mandalari

Are you tired of feeling helpless and exposed when using IoT devices? Have you been told to simply ‘be careful’ without any real solutions? In this episode, we get our ears on some expert insights and practical solutions to help you take control of your privacy. From understanding the risks and vulnerabilities to mastering cybersecurity challenges and envisioning a safer future – this episode is a must-listen for every privacy-conscious individual using IoT devices.

In this episode, you will hear:
  • Valuable insights into privacy risks and vulnerabilities within IoT devices and discover expert solutions to tackle them.
  • The importance of increasing consumer awareness for preserving privacy while using IoT devices.
  • The complexities of cybersecurity challenges and integrating security measures within IoT devices and regulations.
  • The technical aspects of IoT devices, such as encryption, protocols, and shared infrastructure.
  • Future plans for empowering users and cooperating with protection authorities and organizations for a more secure IoT environment.
Our guest in this episode is Anna Maria Mandalari.

Brian and John talk with Anna Maria Mandalari, a talented IoT privacy and security expert who has dedicated her career to understanding and addressing the vulnerabilities of IoT devices. Beginning her education journey in Italy, Anna specialized in Telematics before pursuing a Ph.D. in Internet measurements in Madrid. Her expertise in networking eventually led her to London’s Imperial College, where she began focusing on IoT privacy and security. Now, Anna works at University College London, where she collaborates with other experts to develop innovative solutions for safeguarding consumer privacy in the IoT space.

John Vecchi:

Well, hello, everybody. You’re listening to the IoT Security Podcast live on Phosphorus Radio, and I’m John Vecchi.

Brian Contos:

And I’m Brian Contos, and we’ve got a really, really special guest today that I can’t wait to introduce everybody to and that’s Anna Maria Mandalari. Welcome to the show, Anna.

Anna Maria Mandalari:

Hi, Brian. Hi, John. Thank you for invitation.

John Vecchi:

Welcome, Anna.

Brian Contos:

We’re so excited to have you. Yeah, Anna and I met a few months ago in London, and we were at an IoT Security event. We were both speaking. I think I spoke and then you spoke right after, and it was just such a captivating presentation. I was like oh, I’d just love to get her on the podcast and thankfully she said yes and she’s here and we couldn’t be more thrilled.

Anna, you have a really interesting background, certainly well steeped in academia as well. Maybe you could give our listeners a bit of background about how you came up, your background and exactly what it is you do now.

Anna Maria Mandalari:

Yeah, sure. Happy to do that. Everything started, I think it was 10 years ago, 12 years ago in Italy when I decided to graduate in internet measurements. In Italy, we have this thing that is called telematics, and this is a mix between telecommunication and computer science, and I decided to do a PhD in internet measurements, but in Europe we have a very super nice program that is called Marie Curie Fellowship. So you get to do your PhD outside your own country, so I did it in Madrid. So I was starting to travel and then I knew that I would never go back to Italy and in fact, this happened. After doing my PhD in Madrid, I came to London five years ago and this is where all the magic with the internet of things happened. So during my PhD, I worked in internet measurements, computer science, new internet protocols, networking, and then I adapted this knowledge to the world of the internet of things.

And five years ago, here in London at Imperial College, I was a research fellow and we started this consumer internet of things testbeds when we started to collect all the traffic that we… First of all, we bought hundreds of consumer IoT devices and then we started collecting the traffic and adapted my knowledge of networking to the world of security and privacy for internet of things. So this is basically what’s happened.

Brian Contos:

Well, and Anna and I were just talking before the show started, if you follow IoT, IoT Security, IoT Privacy, and you’re ad hoc on social media, which I think is pretty much the whole world virtually, you’ve probably seen Anna ’cause she’s all over the news. She’s being interviewed, definitely one of the experts in this area, especially as it relates to privacy. One of the things I was really excited to ask you was are you seeing any commonality in terms of big issues that seem to exist in almost all of these products as it addresses privacy? Are there just big gaps that virtually everybody has?

Anna Maria Mandalari:

Yeah, so there are many privacy issues and this is what’s the first goal of our study is. I forgot to say that now I’m at UCL, University College London, so I switched from Imperial to UCL. Yeah, so privacy issues are the things that we first had a look at and we discovered that depending on the categories there are various issues and violations of your privacy. For example, on televisions we are sending traffic to third-party service analytics, even if you opt out for that in the terms and conditions when you are signing in the devices for the first time. Cameras are sending the MAC address completely unencrypted over the internet and also unencrypted unique identifier for your advertisement. We saw a camera that was from a Chinese manufacturer that was sending the videos, the time, the dates of the video completely unencrypted over the internet, so this is also a security issue and consequently, privacy issue. Doorbells that were sending the motions even if you opt out for tracking your motion in the app.

Brian Contos:

Even if you opt out.

Anna Maria Mandalari:

Yes, exactly.

Brian Contos:

Wow, wow, that’s crazy.

Anna Maria Mandalari:

Yeah. So this sort of privacy security issues. So let me tell you a little bit about the background of the lab, how we measure these things. So what we did, at the lab here in UK in UCL and Imperial College and another one exactly identical in Northeastern University in Boston, so what we did, we bought the same devices but in different countries because we knew that we had different regulations in terms of privacy. For example, in Europe we have the GDPR, but in US where you have almost nothing unfortunately, except in California.

Brian Contos:

Anna don’t say that out loud.

Anna Maria Mandalari:

So we wanted to see if [inaudible 00:05:59] there are also differences in tracking and advertiser and privacy issues because of these missing regulations and we actually saw that there are some differences. We saw that, for example, the same devices in US were contacting more destinations and more third parties than the devices installed in UK. So probably this is because here we have GDPR protecting for these things and US you don’t.

John Vecchi:

Wow. Tell me a little bit about, did you build the UK lab first and then the Boston lab? That’s very interesting. And is it the same, is it your team that oversees Boston? It’s fascinating that you’ve got a similar lab in the UK-

Anna Maria Mandalari:

Yeah, yeah, yeah.

John Vecchi:

… And here in the United States. How did that-

Anna Maria Mandalari:

No. Yeah, yeah. They started the first thing in Boston-

John Vecchi:

Interesting.

Anna Maria Mandalari:

… And then we met in a conference and they were saying, oh, we are working on this, we are installing these devices and we said okay, maybe it makes sense to build exactly the same and see differences in terms of privacy and difference in privacy jurisdiction. This is what we did.

Brian Contos:

Are there certain segments within the devices that are more insecure than others or you’re noticing greater privacy issues like printers versus doorbells versus cameras? Is there something that stands out that you’re like, wow, these guys always seem to get it wrong?

Anna Maria Mandalari:

Yeah, we saw a correlation between the price of the device and the security issues.

Brian Contos:

Interesting.

Anna Maria Mandalari:

Devices that are cheaper tend to have more issues than the devices that are more expensive because security is also a cost. And many devices, they have the same vulnerabilities even if they are different brands because we discovered that they are white labeled. So it’s like the same camera is sold with the same firmware, it’s sold from different brands, but in reality it is the same. So the security issues propagate across different brands.

Brian Contos:

We’ve even seen that with some binwalking of different firmwares because of the shared libraries as well as some of the white labeling as well where the vulnerabilities that are in a voiceover IP phone might actually be in a printer or AV equipment as well. Even though they do completely separate things, they’re sharing a very similar code base.

Anna Maria Mandalari:

Yes, exactly. So we saw this. So when we do our analysis, we don’t dissect like the device. We just look at the network traffic. So the majority of the traffic that we see is encrypted. I will say fortunately for the user, but unfortunately for us because we cannot see what the devices are sending, but even if we cannot see what kind of data they’re sending to their cloud, we can check the activity of the devices. For example, we wrote a paper on trying to understand activation in smart speakers. Even if the traffic was encrypted, we discovered that this is possible. So even if sometimes you have security in place, for example, traffic that is encrypted, it doesn’t mean that you have privacy because you can still track the activity of the device even if the traffic is encrypted. That’s how we demonstrated it in our paper.

John Vecchi:

Good point. Yeah, yeah, and obviously you look at the home today and we focus a lot on the enterprise as well, but you look at home and just the number of devices that are internet connected is staggering and growing every year, right?

Anna Maria Mandalari:

Yeah.

John Vecchi:

So can you talk a little bit about as you built this lab, did you see over, however long you’ve been building this, just the propagation of more and more types of devices that are internet connected and coming into this whole fray that you’re looking at and what does that look like and how did it grow, right?

Anna Maria Mandalari:

Yeah, it’s really crazy and it’s also scary. So obviously at the lab we cannot own all the devices that are in the market, but we have a good representative subset of them. So we try to buy devices in different categories, televisions, cameras, appliances, but the way they are sold nowadays is really crazy. So the growth is exponential. And I’m not saying that we shouldn’t buy them, it’s impossible to not advance with the technology. We need internet of things, devices, for everything. They are a part of our life and they will be, but we need also solutions for the users to protect themselves and these solutions need to be in the home, in the households too. So this is something we are working lately in at UCL and with the team at Northeastern University, solutions that allow the users to get protected from privacy security issues of consumer internet of things devices.

Brian Contos:

As John mentioned, our focus at Phosphorus is primarily the enterprise, industry, government, not so much on the consumer, but we do see areas that cross over. A printer can be used in both, a camera can be used in both, door locks, etc.

Anna Maria Mandalari:

Yeah.

Brian Contos:

But one area that’s really been, I guess, picking up a lot is healthcare providers and we work a lot, there’s MRI machines and CAT scan equipment and IV insulin pumps and there’s all these things now that are smart devices, so we work a lot with those, but I’m wondering from your side on the consumer side, are you looking at a lot of medical devices as well and what are you finding when you’re looking into those?

Anna Maria Mandalari:

Yeah, thank you. This is a very interesting question. So we didn’t until now, but we started this month. So just today exactly I just bought $10,000 worth of equipment for medical devices because I’m collaborating with a doctor here at UCL that is working with these devices. So they are installing in patients brain sensors, but also smart pacemaker and what happened a few months ago in a hospital here in London is that one of the sensors, one of these IoT sensors that they implanted in the patient’s brain broke and the patient died.

Brian Contos:

Oh, wow.

Anna Maria Mandalari:

Yes.

Brian Contos:

Wow.

Anna Maria Mandalari:

You see it’s not only a security issue, it’s also sort of try to understand who has the responsibility when these things happen and that an IoT device is responsible for life or death of a human being, but also anomaly detection of these devices, is it possible to prevent. So the ecosystem between the consumer and healthy IoT devices is completely different because you have different priorities. It doesn’t matter if Amazon, Alexa broke, but it’s important when a sensor implanted in the brain of a patient broke. So this is what we are doing. So today I bought both these devices and the goal is try to understand if it’s possible to prevent these situations by studying the traffic of these devices and understand anomaly and if it’s possible to understand if actually the anomaly is due to the patient’s data or anomaly due to the device that can be easily attacked by hackers, and then it’s really a problem in that case.

John Vecchi:

Well, and so it sounds, Anna, obviously you focus a lot on the privacy side, but talk a little bit about the other side of it. Again, we look at a multitude of different types of devices. We already talked about the fact that many of these devices share libraries, they ship with critical vulnerabilities that go from one device to the next, it’s very difficult with all the OEMing and white labeling to even keep track of these, but can you talk about some of the other things you focus on from a pure security perspective? Obviously, these devices are very exploitable with the vulnerabilities they have. We focus a lot on passwords and most of them, certainly I’m sure and the consumer probably a hundred percent of them, are the default passwords and so pretty easy to go find how to get into them. Can you talk a little bit about some of the other things you focus on in addition to privacy?

Anna Maria Mandalari:

Yeah, I’m glad you asked. So lately we did some tasks in our lab and we actually did some active attacks against them. Like we tried the Meris attacks, that is a very well known attacker of open sources out there. And we tried some scan porting, port scan attacks and OS scanning, and I have to say that since the devices are behind a [inaudible 00:15:21], it’s very complicated to perform this kind of attacks. But for a few percentage, 10 percentage of our devices, it was possible to do SSH penetration and also port scan attack and the OS scan attack, I will say 10% with these devices. This paper is not published yet, but it’s under review. So I will let you know when it’s going to be public and you can read about it.

John Vecchi:

Yeah, absolutely.

Anna Maria Mandalari:

Interesting, and not only that, we also did a study on commercial solutions that are protecting the users from security and privacy issues of the devices. So nowadays you can buy boxes, so you can buy smart router with software on them that are claiming to protect the internet of things from security attacks of privacy kind of attacks, and we tested in our lab, we benchmark in our lab, like eight of these solutions that you can find in the market, I won’t say the name because this study is still under review, it will be public probably in March, but the majority of them doesn’t work, they don’t work. So it’s like you are buying one of this box and you think you are protected, you think that your devices are protected in your home, but in reality they don’t work. They cannot even detect a simple SYN flooding attack.

Brian Contos:

Yeah, it’s amazing to me that they’re smart enough to market and advertise these capabilities and maybe put a radio button so you can turn it on or off in the system, but they’re not actually doing the work behind it.

Anna Maria Mandalari:

Yeah.

Brian Contos:

It’s such an awful, it’s one thing if they don’t have the wherewithal or security development lifecycle to develop it. It’s another thing just to get out there and lie. Where are most of these, and I asked this kind of knowing or guessing, but where are most of these devices built? Are still most of them coming out of Asia or are you seeing devices that are manufactured all over the world at this point?

Anna Maria Mandalari:

Yeah. Yeah. No, they’re all over the world. Yeah. US, Europe. Only one, are you talking about the safeguards, right, this latest or all the testbeds?

Brian Contos:

No, just IoT devices in general that you’re looking at? Yeah.

Anna Maria Mandalari:

Yeah, yeah, yeah. No, all over the world. So for selecting them, we bought the one that were top in the market on Amazon.

Brian Contos:

Got it.

Anna Maria Mandalari:

Yeah, so we have all kind of Alexa, we have all kind of Google Home from the second generation to the fifth. The majority of these cameras that you buy on Amazon, the cheapest one, they are from China, for example.

Brian Contos:

Yeah. Well, we’ve seen in our own research, and this is, again, cameras are something that can float between enterprise use and general consumer use, for more expensive cameras, but we did see one camera, I won’t call off the vendor, but there was ability, a recorded audio and recorded video and you were able to say stop recording. It had a light on it and when it was recording, it was green and when you said stop, it would turn red. Well, it turned the light red, but it never actually stopped recording.

Anna Maria Mandalari:

Correct.

Brian Contos:

It just said it stopped recording and I always think anytime you watch any kind of crime drama, there’s somebody in there, they’re interrogating them and they always say, well shut off the camera, and they shut the… that camera’s probably not really shut off.

Anna Maria Mandalari:

Yeah, there is no way that you can know that. Only if you look at the network traffic, you can know that.

Brian Contos:

Yeah, yeah. What about, I’m wondering, now you mentioned doorbells, are you also looking at door locks that people might use on their homes?

Anna Maria Mandalari:

Yeah, like garage door opener for example. And it’s surprising because the majority of these devices, appliances with this kind of usage, devices for this usage, they use the same backend infrastructure. So it’s different brand, different manufacturer, but the backend infrastructure is shared. There are some common, for example, one is called Smart Life that is used for different brands. So it’s basically because they are so cheap that probably they cannot pay for the backend infrastructure, so they pay someone else for doing that. So if there is a vulnerability in the cloud in the backend infrastructure, it also propagates for different brands, different manufacturers.

John Vecchi:

Yeah, yeah. Let’s talk about the privacy gap between say the European Union and the United States. It’s pretty different, right?

Anna Maria Mandalari:

Yeah.

John Vecchi:

If you come to the United States, although we’re getting a little better at understanding privacy, we’re still way behind. You’ve got the California Consumer Protection Act. So in California they have a law and other states are toying with different things, but it’s very different when you go over to Europe and you look at the European Union countries and some of those. Can you talk a little bit about what those big differences are? How knowledgeable are the consumers say in the European area compared to the United States? And does that maybe drive that big gap and the difference between just awareness of privacy around internet of things compared to in the United States, right?

Anna Maria Mandalari:

Yeah, yeah. It’s not that because here we have regulation the consumers have the better privacy, but each country in the European Union is doing a big effort for making the consumer understand it. So in Europe it works that we have a big regulation that is called GDPR and each country has a board that needs to enforce the GDPR. So each country has what we call Data Protection Authority. For example, you have Italian Data Protection Authority, German Data Protection Authority. Every country needs to enforce GDPR. For sure, you heard about Google, Facebook, Meta got fined a few months ago by France and stuff like that. This was because of GDPR. So every country needs to enforce GDPR, but they can also put some rules on top onto GDPR, so they can do better if they want to.

So it’s true that we have the regulations, but to be honest, I think there is a huge trend here in Europe that is called privacy paradox. It means that the users are aware, they say they care about privacy, they read about privacy, etc. but in the end, they don’t do anything for that. So they don’t read the terms and conditions, they have set everything, they start every kind of devices, even if it has bad reviews just because it’s cheap, in their home. This awareness is increasing thanks to podcasts like the one you are doing and thanks also to news and fines that the European Union is doing to these big companies, but we are not there yet. We need more. And I think the big gap what is missing is tools, simple tools for the users for tracking these issues. For example, this box, if they only worked, they could be useful. For example, a simple app that you install in your home and you can visualize and the user can visualize all the traffic that these devices are producing. Just only that, that will be already enough for creating more awareness.

So now we are working with the Data Protection Authority to try to spread the problem and the issues that we have with these internet of things devices because the majority of the people they don’t understand the consequences. So they say, okay, some people in China and California, they have my data, who cares? They don’t know that the main problem in this case is providing mass influencing and all these things. They just see the comfort of having these devices, having these devices and they don’t think about the consequences.

Brian Contos:

Yeah, we hear that sometimes if you take something as popular as a printer and eh, it’s just a printer, well, why is the printer beaconing out every night to some location in Asia and you’re seeing these massive data streams because you might be printing or copying sensitive things on there as a business or might be tax records, financial data, health records, things like that that could be used for blackmail or other types of events. So it’s all connected. I think the days are gone, I hope, I know it’s not there yet, but if people are thinking eh, it’s just a smart device, it’s not really a computer. As we all know, they’re absolutely computers with all the same power and tech. But I’m wondering on the enterprise side, we see for xIoT devices, we see a lot of Linux, BSD, on the realtime operating systems stuff like VxWorks for SCADA devices, IoT, I’m wondering on the consumer side, what are some of the popular operating systems that you’re seeing these devices actually running?

Anna Maria Mandalari:

Yeah, no, they are simple Linux.

Brian Contos:

Okay.

Anna Maria Mandalari:

They’re based on Linux. Yeah, yeah, yeah. And the protocols that they use is almost HTTP. Yes, that’s it, like normal. They’re not using MQTT or other protocols that are made for just IoT devices. They’re using protocols that you can see in the internet.

Brian Contos:

So it’s running a flavor of Linux, popular protocols, you mentioned SSH. Are you seeing a lot of cleartext protocol usage still, anything like FTP or Telnet or TFTP, anything like that?

Anna Maria Mandalari:

No, that one, not from the devices-

Brian Contos:

So that’s good.

Anna Maria Mandalari:

… We have.

Brian Contos:

That’s a positive. That’s good.

Anna Maria Mandalari:

Yeah, yeah, yeah.

Brian Contos:

Because on the enterprise side, we see a lot of cleartext protocol still. It’s amazing that you still see port 23 traffic. You’re like enable SSH or enable HTTPS. These are solved problems and they have enough horsepower, they have enough capabilities to run encrypted communication. It’s not like oh, they don’t have the capabilities to turn this on. So that’s interesting to hear. So Linux and it’s running relatively popular protocols, but you mentioned a lot of them are encrypted still.

Anna Maria Mandalari:

Yeah, yeah, yeah. The majority of the traffic, I will say 90 percentage of traffic at the lab is encrypted.

John Vecchi:

When you think of your mission with all that you’re doing here, it’s incredible, and there’s a lot of good that can come from this, we talked about the fact that there’s this privacy paradox. I think there’s the same one here. It’s very similar. Oftentimes, it comes down to perhaps the day where there’s a simple thing someone can buy and push a button and they can understand the value of that and just use it easily. Perhaps they’d say yeah, heck, I’ll use it. But what is one of the key missions that you want to try to accomplish, and how is it going toward that mission at this point?

Anna Maria Mandalari:

Yeah. So there are two things. One is this tool that will empower users for controlling these IoT devices in an easy way, so the control will be back to the user so they can see oh, this device is having these privacy issues at the moment, I can signal it so other owners of the same devices can know it and also try to help regulators on putting additional regulations on these devices from different countries. And here in Europe, we are talking a lot about internet of things, consumer internet of things certification. So my mission will be not only helping the users to have the control back, but also helping the manufacturer to certify and open a market for this, so certify their devices. In this case, we are working with the Data Protection Authority in Italy for that. They are interested in having a certification scheme like this, but I know in the US also Consumer Reports was working on this privacy label and they’re interested in having global databases with privacy security issues for each devices.

So what I want to do is like a simple webpage with each brand, every device will be on the webpage because we will use a sort of crowdsourcing methodology for crowdsourcing of the privacy security issue with these devices and then label them, like as you do, for example, for energy consumption for your fridge nowadays in which you have A, B, C, D level, the same for the privacy and security issues. The problem here is how do you do that? What is the baseline? What is the best privacy security level you can have? And this is the complicated part because you have regulations, but regulations are general. It’s very difficult to convert regulations in metrics, in something that you can measure. And it’s also difficult to convert standards into something that you can measure or guidelines. For example, in US you have the NIST guidelines. Here we have the Cybersecurity Act, we have the AI act. All these things needs to be converted to something that you can measure for these devices. So this is what I’m working at the moment and I imagine for the next years.

Brian Contos:

Yeah, I could see how developing the scoring system or whatever it’s going to be or color grade could be hard, but for me as a consumer, if I was going to buy an internet router, wireless access point, whatever, I’d love to find out, well, it only got a two out of five on its security score. Well, it says it has a hundred different security capabilities and it will stop SYN floods, that button doesn’t actually do anything. I’d like to know that as a consumer, and maybe because of that ’cause people vote well with their wallets, that will then apply pressure to those vendors to create their solutions.

Anna Maria Mandalari:

Exactly.

Brian Contos:

And to your point, even that backend cloud infrastructure, if we’re going to be sharing one backend, it’ll have to even address that as well. So I love that. It’s amazing to me actually that we don’t have that yet given how pervasive, with 50 billion plus devices, depending on whose statistics you look at, are out there already.

Anna Maria Mandalari:

Yeah, yeah, yeah. So this is my vision for the future is it’s not going to be easy because you need collaboration, combination between manufacturer, stakeholders and data protection authorities, regulators, standards, organizations. But my goal is basically empowering the user with these tools, something they can install in the home and they can visualize the traffic of the devices, but also something they can find online before buying the devices to stimulate the manufacturers to do better.

Brian Contos:

Yeah.

John Vecchi:

Yeah. It’s a noble vision. We definitely need that. As you speak for the European area, are you seeing interest rise as you go out and talk to whoever you talk to, news outlets, different countries? Is it increasing, the interest in what you’re doing and in your mission or is it staying relatively the same? What does it look like these days?

Anna Maria Mandalari:

Yeah, yeah. No, it looks like the various countries they’re interested. As I said, the Italian Data Protection Authority is interested, the German Authority is interested, in US, Consumer Reports, consumer organizations in Spain are also interested. So there is in Europe, but also in US there is NIST was also talking about privacy labels for internet of things. So at least in Europe and US, I didn’t go actually to other country, oh no, I went to Japan last month but it was very surprising to me to see that such an advanced technological country does not worry about, they don’t care yet about privacy security issues.

John Vecchi:

Oh, that’s interesting.

Anna Maria Mandalari:

Yeah.

Brian Contos:

I would’ve thought the opposite as well.

Anna Maria Mandalari:

Yes, yeah, yeah, yeah.

Brian Contos:

So Anna, as we wrap up here, this has been absolutely fascinating, where can our listeners find out more about your research and what you’re looking into?

Anna Maria Mandalari:

Yeah, you can see more details on my webpage annamandalari.com and then from there you just have all the research and the states of the labs and the papers, everything is there.

John Vecchi:

And Anna, do you come State side US? Any plans to come here? Do you talk to any organizations or news outlets in the United States where some listeners might find you or…

Anna Maria Mandalari:

Yeah, I’m planning to go there in May for some conferences, like there is one that is the Security and Privacy Conference in San Francisco in May and another one where I will be keynote speaker, it’s called IoT Benchmark Workshop.

John Vecchi:

Okay.

Anna Maria Mandalari:

This is also in May and this is in Texas.

John Vecchi:

Awesome, and social, they can find you on your social-

Anna Maria Mandalari:

Twitter, LinkedIn. Yeah.

John Vecchi:

Fantastic.

Anna Maria Mandalari:

Just put my name, it’s that.

John Vecchi:

Amazing, amazing and we have to ask as we leave, if you’re a consumer, I mean this is what you focus on, do you have any ending just advice for the typical consumer today and as they have more and more network connected devices? Any good advice you can give the typical consumer today?

Anna Maria Mandalari:

Yes. Switch them off. No, I’m joking. As I said, read the terms and conditions and don’t accept everything by default, try to opt out as much as you can if you don’t want to be tracked, obviously. If you want to be tracked, don’t worry. And if you can, when you are, we did a study on smart speakers that they were frequently mis-activating even if you didn’t say the wake word for example. So mute the smart speakers when you can, when you are not using it or when you are having a sensitive conversation. If you can access the television and you can frequently reset your advertisement ID, so if you go to the terms and conditions of the televisions, you will always have an ID for the advertisements they’re offering. If you erase that, it’s going to be difficult to profile you. So just these three advices, yes.

John Vecchi:

Wow. Well, as Brian said, this was fascinating. It’s noble work you’re doing, it’s incredible and we would love to stay in touch with you, I’m sure our users would, to follow your mission here. But it was a great discussion, Anna, and thank you so, so much for joining us today. Again, thanks to Brian, my co-host, and again, Anna Mandalari, grazie mille, thank you so much for joining us today. We really appreciate it.

Anna Maria Mandalari:

Grazia uomo. Thank you for inviting. It was real fun. Thank you.

John Vecchi:

Awesome. And remember everybody, the IoT Security podcast is brought to you by Phosphorus, the leading provider of proactive full-scope security for the extended internet of things, and until we all meet again, I’m John Vecchi.

Brian Contos:

And I’m Brian Contos, and we’ll see you next time on Phosphorus Radio.

 

Author

Phosphorus Cybersecurity

Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to find, fix, and monitor the rapidly growing and often unmonitored Things of the enterprise xIoT landscape.