The company that designed the chip in your smartphone hopes an entire industry will adopt its new set of rules to lock down connected devices.
When Japanese telecom company SoftBank acquired British chip designer Arm last year for $32 billion, it did so with an eye on more than just phones and tablets. Instead, it hoped that the firm’s chips would help it get one trillion devices online by 2035. But when we spoke to Chris Doran, Arm’s director of research collaborations, last month, he pointed out that security was by far the biggest obstacle facing that push. If there are missteps early on with security, he said, “people will lose faith, so we have to crack those problems.”
He has a point. In the past, we’ve seen hackers take control of cars, compromise children’s toys, and corral vast swaths of devices as an Internet-crippling botnet of things. Security experts have even warned Congress that the Internet of things could end up actually killing people. Connected devices aren’t exactly what you’d call secure, and until now the only real suggestions to improve the state of affairs has been heightening consumer awareness.
But Arm hopes that a new system, called Platform Security Architecture, will change that. Essentially, it’s a set of free, open-source documents and code that define how a device’s software and firmware should be designed to make it secure—a kind of checklist and corresponding set of tools that should, in theory, help device makers build wares that are harder to hack.
Among its recommendations will be that firms use security certificates rather than passwords on connected hardware, so that hackers can’t use default passwords to easily take control of large numbers of devices. It will also suggest that all hardware be equipped to receive over-the-air software updates, so that security flaws can be patched with little effort. And, among other things, it will urge manufacturers to use better forms of hardware identification, so that a device’s credentials can’t be spoofed.
These may sound like commonsense safeguards. But they are all addressing problems that currently leave many devices wide open to attack.
Arm is hoping that by providing checklists and source code to the industry for free, it will be able to get device makers, many of which currently pay little attention to security, to lock down their devices. “This will reduce cost to the industry, making it affordable even in low-cost microcontrollers,” explained Rob Coombs, IoT security director at Arm, in a telephone briefing ahead of the announcement.
So far, big names like Google, Baidu, Cisco, and Sprint have already decided to “endorse or support” the platform, whatever that means. But, as Arm well knows, it will need everyone to get on board if the vision of a trillion secure connected devices can become a reality. And it remains to seen whether “free” will be cheap enough for some device makers.
Here’s how a Twitter engineer says it will break in the coming weeks
One insider says the company’s current staffing isn’t able to sustain the platform.
Technology that lets us “speak” to our dead relatives has arrived. Are we ready?
Digital clones of the people we love could forever change how we grieve.
How to befriend a crow
I watched a bunch of crows on TikTok and now I'm trying to connect with some local birds.
Starlink signals can be reverse-engineered to work like GPS—whether SpaceX likes it or not
Elon said no thanks to using his mega-constellation for navigation. Researchers went ahead anyway.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.