MuuseLabs protects children’s IoT devices through Intigriti’s ethical hacking platform

Yannick Merckx
intigriti logo
Will Moffat

As an Internet of Things startup that sells children’s devices through a webshop, MuuseLabs was in double need of protection. Working for children requires a focus on security, and the webshop needs to be protected too. Being a small team, MuuseLabs couldn’t run their own security program. This is where intigriti stepped in.

The biggest change is that we have moved from doing regular security reviews to continuous security improvements. This has been a real step forward in quality."
— Will Moffat, CTO MuuseLabs

About MuuseLabs

MuuseLabs is a family tech and media IoT (Internet of Things) company founded in 2015 by three geek dads and former Google, Huawei and Barco employees. MuuseLabs builds the future of family entertainment by creating experiences that engage children’s imagination and help them grow up. Not isolated by screens, but with a sense of togetherness, safety and purpose.

With this mission in mind, they built a screen-free music player for kids: Jooki. When a kid puts one of the small figurines that come with the speaker on the device, music starts to play. Parents can upload music and audiobooks on Jooki themselves or listen to streaming music with Spotify Premium.

The importance of security when children are concerned

Will Moffat, CTO of MuuseLabs explains: “With Jooki, we are putting technology in children’s rooms. It has to be secure. Jooki is an IoT product for kids. That’s an area we really need to stand out. Internet of Things doesn’t get called Internet of Sh*ts for no reason, we simply need to be security focused. We need customers to trust us.”

How a bug bounty program creates trust

Having a highly skilled, highly dedicated team of security experts look at your IT infrastructure 24/7 creates trust. One of the ways MuuseLabs assure customers’ trust is by pointing to their bug bounty program with intigriti: “Look, we have a world-class program running, you can trust us.”

Pentests versus continuous evaluation

MuuseLabs evaluated pentests, but as their product is continuously evolving, both in terms of features and in terms of security, Will Moffat explains they prefer the services of ethical hackers. “For us it is really important to have continuous evaluation.”

Will Moffat (CTO MuuseLabs) and Yannick Merckx (Success Manager intigriti)

How a start-up with a small team manages security with crowdsourced help

“As a small team, we couldn’t run our own security program,” Will Moffat continues. “We needed a source of high-quality bug reports. We did some research, and one of our investors highly recommended intigriti.”

“The biggest change is that we have moved from doing regular security reviews to continuous security improvements. That has been a real step forward in quality. We have extensive experience of developing for Google and other companies and knowing that you have security researchers looking over your shoulder just makes you go that extra mile to make it even more secure.”

Intigriti results: actionable reports make quick decisions possible

In terms of results, MuuseLabs is really pleased so far. Will Moffat and team now have access to high-quality security researchers, and get high-quality filtered and triaged reports.

“When I get something in my inbox from intigriti, I know that it’s actionable. I know that the security researchers will have created an excellent report that I can immediately assign to one of the team.”
— Will Moffat, CTO MuuseLabs

How an ethical hacker prevented losing webshop sales over Christmas

For Will Moffat the proof is in the pudding. He agrees that security researchers tend to think differently. For MuuseLabs they have definitely raised issues or pointed the team in directions they had not fully evaluated themselves.

The CTO shares an example of what they achieved through intigriti’s help: “We sell a lot of Jooki in the run up to Christmas. An intigriti researcher found a critical bug in our webstore a few months before. We were very grateful that we could patch and fix that bug so that we didn’t lose sales over the Christmas period.”

Will Moffat (CTO), Pieter Palmers (COO) and Theo Marescaux (CEO): MuuseLabs leadership team surrounded by the people they’re doing it for.

Bug bounty as industry best practice: don’t be the weak link

A bug bounty program these days is industry best practice. As Will Moffat sees it: “You don’t want to be the weak link in the chain. You don’t want to be the reason that a customer loses their data, loses faith, loses trust in you.”

Security for start-ups

MuuseLabs shows that having a small team doesn’t mean you shouldn’t take security seriously. “If it’s not clear by now, we’re huge fans of intigriti. We get a lot out of it. When we talk to other start-ups, we definitely recommend intigriti’s services.”


Do you want to save this case study for later reference?

Download this customer story as pdf. Download PDF

Other customer stories to have a look at