Skip to Content
Uncategorized

Arm Has a Plan to Secure the Internet of Things

October 23, 2017

The company that designed the chip in your smartphone hopes an entire industry will adopt its new set of rules to lock down connected devices.

When Japanese telecom company SoftBank acquired British chip designer Arm last year for $32 billion, it did so with an eye on more than just phones and tablets. Instead, it hoped that the firm’s chips would help it get one trillion devices online by 2035. But when we spoke to Chris Doran, Arm’s director of research collaborations, last month, he pointed out that security was by far the biggest obstacle facing that push. If there are missteps early on with security, he said, “people will lose faith, so we have to crack those problems.”

He has a point. In the past, we’ve seen hackers take control of cars, compromise children’s toys, and corral vast swaths of devices as an Internet-crippling botnet of things. Security experts have even warned Congress that the Internet of things could end up actually killing people. Connected devices aren’t exactly what you’d call secure, and until now the only real suggestions to improve the state of affairs has been heightening consumer awareness.

But Arm hopes that a new system, called Platform Security Architecture, will change that. Essentially, it’s a set of free, open-source documents and code that define how a device’s software and firmware should be designed to make it secure—a kind of checklist and corresponding set of tools that should, in theory, help device makers build wares that are harder to hack.

Among its recommendations will be that firms use security certificates rather than passwords on connected hardware, so that hackers can’t use default passwords to easily take control of large numbers of devices. It will also suggest that all hardware be equipped to receive over-the-air software updates, so that security flaws can be patched with little effort. And, among other things, it will urge manufacturers to use better forms of hardware identification, so that a device’s credentials can’t be spoofed.

These may sound like commonsense safeguards. But they are all addressing problems that currently leave many devices wide open to attack.

Arm is hoping that by providing checklists and source code to the industry for free, it will be able to get device makers, many of which currently pay little attention to security, to lock down their devices. “This will reduce cost to the industry, making it affordable even in low-cost microcontrollers,” explained Rob Coombs, IoT security director at Arm, in a telephone briefing ahead of the announcement.

So far, big names like Google, Baidu, Cisco, and Sprint have already decided to “endorse or support” the platform, whatever that means. But, as Arm well knows, it will need everyone to get on board if the vision of a trillion secure connected devices can become a reality. And it remains to seen whether “free” will be cheap enough for some device makers.

Deep Dive

Uncategorized

Uber Autonomous Vehicles parked in a lot
Uber Autonomous Vehicles parked in a lot

It will soon be easy for self-driving cars to hide in plain sight. We shouldn’t let them.

If they ever hit our roads for real, other drivers need to know exactly what they are.

stock art of market data
stock art of market data

Maximize business value with data-driven strategies

Every organization is now collecting data, but few are truly data driven. Here are five ways data can transform your business.

Cryptocurrency fuels new business opportunities

As adoption of digital assets accelerates, companies are investing in innovative products and services.

Mifiprex pill
Mifiprex pill

Where to get abortion pills and how to use them

New US restrictions could turn abortion into do-it-yourself medicine, but there might be legal risks.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.