The company that designed the chip in your smartphone hopes an entire industry will adopt its new set of rules to lock down connected devices.
When Japanese telecom company SoftBank acquired British chip designer Arm last year for $32 billion, it did so with an eye on more than just phones and tablets. Instead, it hoped that the firm’s chips would help it get one trillion devices online by 2035. But when we spoke to Chris Doran, Arm’s director of research collaborations, last month, he pointed out that security was by far the biggest obstacle facing that push. If there are missteps early on with security, he said, “people will lose faith, so we have to crack those problems.”
He has a point. In the past, we’ve seen hackers take control of cars, compromise children’s toys, and corral vast swaths of devices as an Internet-crippling botnet of things. Security experts have even warned Congress that the Internet of things could end up actually killing people. Connected devices aren’t exactly what you’d call secure, and until now the only real suggestions to improve the state of affairs has been heightening consumer awareness.
But Arm hopes that a new system, called Platform Security Architecture, will change that. Essentially, it’s a set of free, open-source documents and code that define how a device’s software and firmware should be designed to make it secure—a kind of checklist and corresponding set of tools that should, in theory, help device makers build wares that are harder to hack.
Among its recommendations will be that firms use security certificates rather than passwords on connected hardware, so that hackers can’t use default passwords to easily take control of large numbers of devices. It will also suggest that all hardware be equipped to receive over-the-air software updates, so that security flaws can be patched with little effort. And, among other things, it will urge manufacturers to use better forms of hardware identification, so that a device’s credentials can’t be spoofed.
These may sound like commonsense safeguards. But they are all addressing problems that currently leave many devices wide open to attack.
Arm is hoping that by providing checklists and source code to the industry for free, it will be able to get device makers, many of which currently pay little attention to security, to lock down their devices. “This will reduce cost to the industry, making it affordable even in low-cost microcontrollers,” explained Rob Coombs, IoT security director at Arm, in a telephone briefing ahead of the announcement.
So far, big names like Google, Baidu, Cisco, and Sprint have already decided to “endorse or support” the platform, whatever that means. But, as Arm well knows, it will need everyone to get on board if the vision of a trillion secure connected devices can become a reality. And it remains to seen whether “free” will be cheap enough for some device makers.
It will soon be easy for self-driving cars to hide in plain sight. We shouldn’t let them.
If they ever hit our roads for real, other drivers need to know exactly what they are.
Maximize business value with data-driven strategies
Every organization is now collecting data, but few are truly data driven. Here are five ways data can transform your business.
Cryptocurrency fuels new business opportunities
As adoption of digital assets accelerates, companies are investing in innovative products and services.
Where to get abortion pills and how to use them
New US restrictions could turn abortion into do-it-yourself medicine, but there might be legal risks.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.