Together since 2007

Transforming money management to make financial markets accessible to all

Acquired since 2021

Enabling the human right of mobility to all

Acquired since 2017

Introducing Zero Trust mechanisms for a truly sale environment

Acquired since 1994

Introduced cyber security to the mass business market

Together since 2010

Harnessing the power of artificial vision to transform the lives of visually impaired

Together since 2020

Digital Learning Platform designed to optimize student engagement and learning outcome

Together since 2019

AI-driven end-to-end Fix & Flip platform

Together since 2021

First drone delivery service focused in the US suburbs.

Acquired by DG 2007

Global provider of digital advertising solutions that optimize the use of media, creative and data for enhanced performance.

Together since 2010

Leading investment house in Israel, managing over 77 Billion Dollars for private, business and institutional clients

Together since 2016

Developing and commercializing novel endovascular treatments for stroke

Together since 2012

Developing percutaneous implantable technologies for patients with chronic heart failure

TrapX Report Overviews Rapidly Growing Security Risk in Internet of Things (IOT) Devices

TrapX Labs Research Confirms Security Risks in NEST Learning Thermostat™

SAN MATEO, CA–(Marketwired – Mar 11, 2015) – TrapX™, a global leader in deception-based cyber security defense, today released its latest Anatomy of an Attack (AOA) report, “The Internet of Things (IoT) – The Hidden Danger Exposed,” which confirms design flaws discovered in the Nest Learning Thermostat™. For the purpose of this report, TrapX Labs validated the attack vector presented at the Black Hat 2014 conference by compromising the device and an entire home network.

“While the Nest Learning Thermostat™ has relatively robust security compared to most IoT devices, the attack vectors presented at Black Hat enabled our lab to completely compromise the device within our Advanced Test Bed Facility (ATBF),” said Carl Wright, general manager of TrapX. “For real-world validation, the lab then took the compromised device outside of the ATBF and installed it in a participant’s home network.”
Once the Nest Learning Thermostat™ was installed, TrapX Labs used it as an initial point of attack and was easily able to compromise an entire home network. Once the network was under the lab’s control, researchers were able to track the user’s Internet surfing activity and get access to their private credentials as well as data collected by the Nest Learning Thermostat™, such as whether anyone was at home.

“We took the Nest Learning Thermostat™ apart and did a complete analysis of the operating system and potential entry points,” said Moshe Ben Simon, vice president and co-founder of TrapX and general manager of TrapX Labs. “During our analysis, we found an ARM processor that was running under a hardened Linux operating system. We gained root access and then were able to control the Nest Learning Thermostat™ from our attacking server. Make no mistake, the Nest Learning Thermostat™ is a well-designed and relatively secure IoT device. The problem is that the hackers are moving faster, with more intensity and more funding. We are losing an undeclared cyber war even before most of us recognize that this war has already started. Solving this problem requires far greater investment in cybersecurity and a change in strategy as we go forward with IoT,” Simon concluded.

“The whole point of this report was to show that any single IoT device, without adequate security, can present a serious threat to the networks to which they are connected,” said Wright. “The report shares our forward view of the impending dramatic escalation in IoT cyber attacks and the risks these pose to corporate, government and personal security.”

Looking beyond the Nest Learning Thermostat™, which is relatively secure, there is a serious concern that the manufacturers of IoT devices at all points in the supply chain do not seem to have the economic incentives to provide initial cybersecurity support or ongoing support, including the regular integration of software and/or hardware updates. At every level of manufacturing and design, the manufacturers involved with IoT are obsessed with cost cutting and minimal design footprints. The design chain for electronic components such as IoT usually includes two or even three manufacturing tiers, each integrating their products with the products of their suppliers. Unless their customer specifies it or unless the regulatory environment requires it for compliance, additional features for cybersecurity will not go into the product.

Seven Key Steps IoT Manufacturers Can Take to Improve Device Security
•Perform a complete design review of all OEM components, especially those manufactured overseas. This is essential for anyone in the defense industry and highly desirable for most manufacturers that integrate electronic components and chips.
•Consider a strategy to rapidly integrate and deploy software fixes and/or hardware fixes to your end-user customer base, especially when there is a two- or three-tier supply chain.
•Do not allow any production versions of these devices to be bootable from a USB port.
•Sign the software — this is a mathematical technique used to validate the authenticity of the software.
•Use an outside penetration-testing firm to run security tests to discover vulnerabilities and help with the design review of OEM components.
•Implement firewalls on every device to resist hacker attacks and allow only specified IP addresses in or out.
•Protect the management channel interface from attackers and only allow limited access to the management server.

The full report, “The Internet of Things (IoT) – The Hidden Danger Exposed,” can be downloaded here:—The-Internet-of-Things.html

Trademark Notice
Nest Learning Thermostat™ is a trademark licensed by Nest Labs, Inc.
TrapX Security™ and DeceptionGrid™ are trademarks licensed by TrapX Security, Inc.

About the AOA Series and TrapX Labs
The Anatomy of an Attack (AOA) Series highlights the results of TrapX Labs’ research into current or potential critical information security issues. The mission of TrapX Labs is to conduct critical cybersecurity experimentation, analysis and investigation and to bring the benefits back to the community at large through AOA publications and rapid ethical compliance disclosures to manufacturers and related parties. Since its inception, TrapX Labs has worked to create the next generation of technologies and best practices so that they can ultimately provide leading resources for the evolution of cyber security.
The research facility conducts applied research that is focused on specific cyber threats and their countermeasures. Team members develop and apply leading-edge technologies in computing, network architectures, network forensics, malware analysis and analysis of commercial hardware and software to solve and understand the anatomy of today’s most complex cyber attacks.

For more on TrapX, please visit:
Visit the TrapX blog:
Follow TrapX on Twitter: @trapxsecurity
Follow TrapX on LinkedIn:
Like TrapX on Facebook:

About TrapX
TrapX Security is a leader in the delivery of deception-based cyber security defense. Our solutions rapidly detect, analyze and defend against new zero day and APT attacks in real-time. DeceptionGrid™ provides automated, highly accurate insight into malware and malicious activity unseen by other types of cyber defense. We enable a pro-active security posture, fundamentally changing the economics of cyber defense by shifting the cost to the attacker. The TrapX Security customer base includes global 2000 commercial and government customers around the world in sectors including defense, healthcare, finance, energy, consumer products and other key industries. Learn more at