Parent IoT Security Devices Update 2: Device 2

Introduction

Throughout the course of the semester, we have been testing three separate devices. The second device we tested was the Dojo. Get caught up on our first device, the Norton Core, in our previous blog post.

We tested the Dojo’s ability to detect cyber threats from the web. We looked at how the Dojo would respond to the cyber threats we threw at it. During our initial research on the Dojo, we came across its ability to block websites. We thought it would be very similar to parental controls, but it is not. The Dojo is more geared towards a mature audience than parents and their children. You can’t specify the websites you want blocked. Instead, the device connects to a home base and is provided with a list of known “bad” websites. Knowing this, we were ready to test the Dojo’s ability to block these web attacks.

Dojo Logo

Setting up the Dojo

To start off testing, we set up the environment as to allow us to test devices without affecting our own network. The router has a connection to the internet and each of the devices connects to the network through WiFi. Most of these devices are tablets, but we look to test laptops later this week.

We plugged the Dojo into the router and proceeded with the setup. The setup itself was easy, if you followed the steps in the guide, but there were some points where things could get messed up. One example is when they have you decide which mode you want. There are two options, and you need to pick the correct one or the Dojo will not work. After setting everything up, we started the testing. When the tablets connected to the network, the Dojo informed me of new devices and asked if we should allow them on the network. We accepted one and denied the other. The one we accepted was able to connect to the internet and the one we denied wasn’t able to connect. This was to test its ability to allow specific devices on the network. The rest of our testing would be with the device that we had allowed on the network.

Detecting Malware

To see if the Dojo will detect malware, we had the devices connect to various websites. Some of these websites had no threats on them, like Google and Facebook. They went through fine, but when we looked up a blacklist for websites, things got interesting. A blacklist is a list of known bad websites that are not trusted and considered malicious. The first website we tested was blocked, and a warning was sent to our device about a device trying to connect to a bad website. We tried one more website on the list and it did not work. However, it didn’t work because the website had been taken down. We didn’t go further with the testing because the malware could have infected my device if the Dojo didn’t protect it. The Dojo proved it could block the websites and do what it had claimed.

Dojo Malware

Above is a picture of the warning Dojo gives you when we attempted to connect to a bad website.

Conclusion

It has been fun testing the Dojo and its capabilities. After testing the blocking capabilities of the Dojo itself, we are going to dig further into how it interacts with other routers and devices. While working with the new routers, we will try to gauge how easy it is to use the Dojo app that is provided. Is the Dojo a good IoT device for parents?

Stay tuned to read about the third and final device we tested, the Netgear Nighthawk R700P. We also tested the Norton Core for parental controls. If you missed that, read about it here. 

 

Post any feedback, questions, or general comments in the comment section below! Interested in our research? Follow the Leahy Center for Digital Investigation (LCDI) on Twitter @ChampForensics, Instagram @ChampForensics and Facebook @ChamplainLCDI.

 

More Research Projects
The Internet of Things Team: An Inside Look
CyberTech: Creating a Safer Internet Through Education
Capstone Chronicles: The Networking Natural