Skip to Content
Uncategorized

Arm Has a Plan to Secure the Internet of Things

October 23, 2017

The company that designed the chip in your smartphone hopes an entire industry will adopt its new set of rules to lock down connected devices.

When Japanese telecom company SoftBank acquired British chip designer Arm last year for $32 billion, it did so with an eye on more than just phones and tablets. Instead, it hoped that the firm’s chips would help it get one trillion devices online by 2035. But when we spoke to Chris Doran, Arm’s director of research collaborations, last month, he pointed out that security was by far the biggest obstacle facing that push. If there are missteps early on with security, he said, “people will lose faith, so we have to crack those problems.”

He has a point. In the past, we’ve seen hackers take control of cars, compromise children’s toys, and corral vast swaths of devices as an Internet-crippling botnet of things. Security experts have even warned Congress that the Internet of things could end up actually killing people. Connected devices aren’t exactly what you’d call secure, and until now the only real suggestions to improve the state of affairs has been heightening consumer awareness.

But Arm hopes that a new system, called Platform Security Architecture, will change that. Essentially, it’s a set of free, open-source documents and code that define how a device’s software and firmware should be designed to make it secure—a kind of checklist and corresponding set of tools that should, in theory, help device makers build wares that are harder to hack.

Among its recommendations will be that firms use security certificates rather than passwords on connected hardware, so that hackers can’t use default passwords to easily take control of large numbers of devices. It will also suggest that all hardware be equipped to receive over-the-air software updates, so that security flaws can be patched with little effort. And, among other things, it will urge manufacturers to use better forms of hardware identification, so that a device’s credentials can’t be spoofed.

These may sound like commonsense safeguards. But they are all addressing problems that currently leave many devices wide open to attack.

Arm is hoping that by providing checklists and source code to the industry for free, it will be able to get device makers, many of which currently pay little attention to security, to lock down their devices. “This will reduce cost to the industry, making it affordable even in low-cost microcontrollers,” explained Rob Coombs, IoT security director at Arm, in a telephone briefing ahead of the announcement.

So far, big names like Google, Baidu, Cisco, and Sprint have already decided to “endorse or support” the platform, whatever that means. But, as Arm well knows, it will need everyone to get on board if the vision of a trillion secure connected devices can become a reality. And it remains to seen whether “free” will be cheap enough for some device makers.

Keep Reading

Most Popular

Here’s how a Twitter engineer says it will break in the coming weeks

One insider says the company’s current staffing isn’t able to sustain the platform.

Technology that lets us “speak” to our dead relatives has arrived. Are we ready?

Digital clones of the people we love could forever change how we grieve.

How to befriend a crow

I watched a bunch of crows on TikTok and now I'm trying to connect with some local birds.

Starlink signals can be reverse-engineered to work like GPS—whether SpaceX likes it or not

Elon said no thanks to using his mega-constellation for navigation. Researchers went ahead anyway.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.