ARM on IoT Security: 'You Need to Worry About This'


SANTA CLARA, Calif.—According to security experts, the cyberattack that shut down large portions of the Internet in the US last week was extremely easy to predict. But if you ask ARM, the company that makes the chips inside many of the devices involved in the attack, defending against another one like it is not so simple.

ARM's microprocessors are present in the vast majority of smartphones and devices that make up the Internet of Things (IoT). Its executives and partners convened this week in Silicon Valley for an annual conference that could not have been better timed: after last week's attack, everyone who owns an Internet-connected baby monitor is probably wondering what they can do to protect themselves from hackers.

The most obvious solution, as it is for most things in the tech industry these days, lies in the cloud. Consumers who own webcams, thermostats, Wi-Fi routers, smart lightbulbs, and the like can't possibly expect to keep their software and firmware all up to date—it's hard enough to keep up with Windows 10 updates.

So ARM is now proposing a cloud solution that will enable device manufacturers to push software and firmware updates over the air without consumers doing anything.

"If you're a device maker building some IoT product, you really ought to be worrying about constantly updating the firmware that's in it," ARM CEO Simon Segars said. His solution, called Mbed Cloud, is part open-source operating system and part Salesforce-like platform: manufacturers will pay a nominal fee every time they use it to push an update to one of their devices, but they can customize the OS and install it on the device for free.

Mbed Cloud is not unique: there are dozens of remote device management solutions currently on the market, and nearly all of them claim to offer some sort of protection against hackers. So its principal advantage is that it comes from ARM, which means it will automatically work with the chips in 99 percent of the world's smartphones and tablets and millions of more mundane devices, from traffic lights to refrigerators.

"Any ARM licensee building a device based around our technology can do so in a way where the software that's on the chip can talk to Mbed Cloud," Segars said. "Those basic security features that any IoT device is going to need can be provided for."

But asked how effective it would be at preventing an attack like the one that crippled US Internet infrastructure last week, ARM's experts still hedged their bets. A lot will depend on whether or not the cloud is able to detect abnormal network activity, explained Michael Horne, who's in charge of marketing for ARM's IoT unit.

Theoretically, the cloud would flag a massive increase as the result of a cyberattack—say, if a camera is designed to upload data once an hour but starts uploading multiple times per second. But because much of Mbed Cloud will be open source, its capability to detect such an increase depends on what type of data the device manufacturer allows it to access.

"Our customers own their data," Horne said. "We don't."

ARM's challenge, then, is the same one that faces IoT security experts like Michael Krebs, who tells anyone who will listen about how putting billions of devices on the Internet without a careful plan to protect them against hackers is a bad idea. Segars agrees.

"Just yesterday we were looking at a product that somebody had built using an ARM-based chip," he said. "The security is non-existent. I mean, scarily bad. You can see the Wi-Fi password going by in clear text. Lots of people are building products like that."

Before last week, though, even people who are early adopters of IoT devices likely didn't lose sleep over how they're secured. Now that consumer awareness has perked up, Segars hopes that companies making light bulbs baby monitors now will pay more attention to security.

"Are people worrying today about constantly updating the firmware?" Segars wondered. "Probably not, but they ought to, and the hacks of the last couple weeks should tell people that you need to worry about this."

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    Samsung Catches a Small Break in Midst of Note 7 Battery Pummeling

    5 million Galaxy Note 7 smartphones.Product Exchange Program Samsung announced earlier this month, Galaxy Note 7 owners can exchange their devices for a new Galaxy Note 7, or for a Galaxy S7 or GalaxyS7 edge, with price differences refunded.
  • 5300c769af79e

    Here’s what ‘bokeh’ is, and how the iPhone 7 Plus fakes it

    This is why the iPhone 7 Plus’ bokeh capability is a big deal.(Note: The iPhone 7 Plus won’t offer this feature when it goes on sale, on September 16, but arrive in a future software update.
  • 5300c769af79e

    Microsoft Bans Stupid Passwords

    As long as we use alphanumeric passwords, people will always try to safeguard personal data with codes like "123456" or "password.Gathering data from 10 million-plus daily account attacks, Redmond maintains a regularly updated list of taboo passwords—"dynamically banned" codes that the company prevents customers from using.
  • 5300c769af79e

    Proactively Manage Threats in the Financial Industry

    Download How do companies in the financial industry better manage risk in a dynamic business environment and keep high-value data safe?Download the case study, "Proactively Challenge Cyber Threats in the Financial Industry," to learn how monitoring the appearance and price trends of specific Bank Identification Numbers (BINs) on the dark web helped this regional bank proactively manage data breaches.