Skip to Content
Uncategorized

Arm Has a Plan to Secure the Internet of Things

October 23, 2017

The company that designed the chip in your smartphone hopes an entire industry will adopt its new set of rules to lock down connected devices.

When Japanese telecom company SoftBank acquired British chip designer Arm last year for $32 billion, it did so with an eye on more than just phones and tablets. Instead, it hoped that the firm’s chips would help it get one trillion devices online by 2035. But when we spoke to Chris Doran, Arm’s director of research collaborations, last month, he pointed out that security was by far the biggest obstacle facing that push. If there are missteps early on with security, he said, “people will lose faith, so we have to crack those problems.”

He has a point. In the past, we’ve seen hackers take control of cars, compromise children’s toys, and corral vast swaths of devices as an Internet-crippling botnet of things. Security experts have even warned Congress that the Internet of things could end up actually killing people. Connected devices aren’t exactly what you’d call secure, and until now the only real suggestions to improve the state of affairs has been heightening consumer awareness.

But Arm hopes that a new system, called Platform Security Architecture, will change that. Essentially, it’s a set of free, open-source documents and code that define how a device’s software and firmware should be designed to make it secure—a kind of checklist and corresponding set of tools that should, in theory, help device makers build wares that are harder to hack.

Among its recommendations will be that firms use security certificates rather than passwords on connected hardware, so that hackers can’t use default passwords to easily take control of large numbers of devices. It will also suggest that all hardware be equipped to receive over-the-air software updates, so that security flaws can be patched with little effort. And, among other things, it will urge manufacturers to use better forms of hardware identification, so that a device’s credentials can’t be spoofed.

These may sound like commonsense safeguards. But they are all addressing problems that currently leave many devices wide open to attack.

Arm is hoping that by providing checklists and source code to the industry for free, it will be able to get device makers, many of which currently pay little attention to security, to lock down their devices. “This will reduce cost to the industry, making it affordable even in low-cost microcontrollers,” explained Rob Coombs, IoT security director at Arm, in a telephone briefing ahead of the announcement.

So far, big names like Google, Baidu, Cisco, and Sprint have already decided to “endorse or support” the platform, whatever that means. But, as Arm well knows, it will need everyone to get on board if the vision of a trillion secure connected devices can become a reality. And it remains to seen whether “free” will be cheap enough for some device makers.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.