MuuseLabs protects children’s IoT devices through Intigriti’s ethical hacking platform

As an Internet of Things (IoT) start-up that sells children’s devices online, MuuseLabs needed to ensure it had a bulletproof cybersecurity strategy. Being a small team, MuuseLabs couldn’t run their own security program as well as carrying out business-as-usual activities. To get the support they needed, the start-up hired Intigriti to help. 

“The biggest change is that we have moved from doing regular security reviews to continuous security improvements. That has been a real step forward in quality.”
– Will Moffat, CTO MuuseLabs

About MuuseLabs

MuuseLabs is a high-tech IoT company that combines technology and tenderness to build the next evolution of family entertainment. The company was founded in 2014 by three tech-savvy dads who were formerly employees of Google, Huawei and Barco.  

MuuseLabs builds family-friendly entertainment devices with the aim to create experiences that engage children’s imagination rather than isolating them through screens. Their mission was to bring about a sense of togetherness, safety and purpose. With this mission in mind, they built a screen-free music player for kids: Jooki. When a kid puts one of the small figurines that come with the speaker on the device, music starts to play. Parents can upload music and audiobooks on Jooki themselves or listen to streaming music with Spotify Premium. 

The importance of security when creating children’s products 

Will Moffat, CTO of MuuseLabs explains: “Through Jooki, we are putting technology in children’s rooms and so it must be secure. We need to be security–focused, and we need customers to trust us.” 

How a bug bounty program creates trust

One of the ways MuuseLabs instils trust is by pointing to their bug bounty program with Intigriti. Having a highly–skilled, dedicated team of security experts looking at their IT infrastructure 24/7 demonstrates that they test their attack surface area continuously. It says to our customers: “Look, we have a world-class program running. You can trust us.” 

Penetration tests vs continuous evaluation

MuuseLabs evaluated penetration tests, but as their product is continuously evolving (in terms of features and security), they prefer the services of bug bounty programs. Will Moffat explains further: “For us, it is really important to have continuous evaluation.” 

Will Moffat (CTO MuuseLabs) and Yannick Merckx (Success Manager intigriti)

How a start-up with a small team manages security with crowdsourced help

“As a small team, we couldn’t run our own security program,” Will Moffat continues. “We needed a source of high-quality bug reports. We did some research, and one of our investors highly recommended Intigriti.”  

“The biggest change is that we have moved from doing regular security reviews to continuous security improvements. That has been a real step forward in quality. We have extensive experience of developing for Google and other highly-respected companies but knowing that you have security researchers looking over your shoulder makes you go that extra mile to make it even more secure.” 

The result: actionable reports make quick decisions possible

Will Moffat and the team now have access to high-quality security researchers and get actionable, triaged reports. Will Moffat also agrees that security researchers tend to think differently. They have raised some critical and high-security issues for MuuseLabs and pointed the team in directions they had not fully evaluated themselves. The CTO shares an example of what they achieved through Intigriti’s help: 

“We sell a lot of Jooki in the run-up to Christmas. An Intigriti researcher found a critical bug in our eCommerce site a few months before. We were very grateful that we could patch and fix that bug so that we didn’t lose sales over the Christmas period.” 

Will Moffat (CTO), Pieter Palmers (COO) and Theo Marescaux (CEO): MuuseLabs leadership team surrounded by the people they’re doing it for.

Security for start-ups

MuuseLabs shows that having a small team doesn’t mean you shouldn’t take security seriously. A bug bounty program these days is industry best practice. As Will Moffat sees it: “You don’t want to be the weak link in the chain. You don’t want to be the reason that a customer loses their data, loses faith, or loses trust in you.” 

 “If it’s not clear by now, we’re huge fans of Intigriti. We get a lot out of our bug bounty program. When we talk to other start-ups, we always recommend Intigriti’s services.” – Will Moffat

Do you want to know more?

Intrigued by what you’ve read and want to know more about ethical hacking and bug bounty programs? Get in touch to request a demo with a member of our team today.