ARM on IoT Security: 'You Need to Worry About This'


SANTA CLARA, Calif.—According to security experts, the cyberattack that shut down large portions of the Internet in the US last week was extremely easy to predict. But if you ask ARM, the company that makes the chips inside many of the devices involved in the attack, defending against another one like it is not so simple.

ARM's microprocessors are present in the vast majority of smartphones and devices that make up the Internet of Things (IoT). Its executives and partners convened this week in Silicon Valley for an annual conference that could not have been better timed: after last week's attack, everyone who owns an Internet-connected baby monitor is probably wondering what they can do to protect themselves from hackers.

The most obvious solution, as it is for most things in the tech industry these days, lies in the cloud. Consumers who own webcams, thermostats, Wi-Fi routers, smart lightbulbs, and the like can't possibly expect to keep their software and firmware all up to date—it's hard enough to keep up with Windows 10 updates.

So ARM is now proposing a cloud solution that will enable device manufacturers to push software and firmware updates over the air without consumers doing anything.

"If you're a device maker building some IoT product, you really ought to be worrying about constantly updating the firmware that's in it," ARM CEO Simon Segars said. His solution, called Mbed Cloud, is part open-source operating system and part Salesforce-like platform: manufacturers will pay a nominal fee every time they use it to push an update to one of their devices, but they can customize the OS and install it on the device for free.

Mbed Cloud is not unique: there are dozens of remote device management solutions currently on the market, and nearly all of them claim to offer some sort of protection against hackers. So its principal advantage is that it comes from ARM, which means it will automatically work with the chips in 99 percent of the world's smartphones and tablets and millions of more mundane devices, from traffic lights to refrigerators.

"Any ARM licensee building a device based around our technology can do so in a way where the software that's on the chip can talk to Mbed Cloud," Segars said. "Those basic security features that any IoT device is going to need can be provided for."

But asked how effective it would be at preventing an attack like the one that crippled US Internet infrastructure last week, ARM's experts still hedged their bets. A lot will depend on whether or not the cloud is able to detect abnormal network activity, explained Michael Horne, who's in charge of marketing for ARM's IoT unit.

Theoretically, the cloud would flag a massive increase as the result of a cyberattack—say, if a camera is designed to upload data once an hour but starts uploading multiple times per second. But because much of Mbed Cloud will be open source, its capability to detect such an increase depends on what type of data the device manufacturer allows it to access.

"Our customers own their data," Horne said. "We don't."

ARM's challenge, then, is the same one that faces IoT security experts like Michael Krebs, who tells anyone who will listen about how putting billions of devices on the Internet without a careful plan to protect them against hackers is a bad idea. Segars agrees.

"Just yesterday we were looking at a product that somebody had built using an ARM-based chip," he said. "The security is non-existent. I mean, scarily bad. You can see the Wi-Fi password going by in clear text. Lots of people are building products like that."

Before last week, though, even people who are early adopters of IoT devices likely didn't lose sleep over how they're secured. Now that consumer awareness has perked up, Segars hopes that companies making light bulbs baby monitors now will pay more attention to security.

"Are people worrying today about constantly updating the firmware?" Segars wondered. "Probably not, but they ought to, and the hacks of the last couple weeks should tell people that you need to worry about this."

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    Report: US Military 'Dropping Cyber Bombs' on ISIS

    The US is reportedly looking to drop "cyberbombs" on ISIS.According to The New York Times, the military's Cyber Command is working to disrupt the Islamic State's ability to communicate with one another and potential recruits online.
  • 5300c769af79e

    The Best Email Marketing Software of 2016

    There's a long list of email marketing services available and most operate at relatively low prices, with packages to fit every business size and need.Many email marketing plans include unlimited email sends each month and bill you based on the number of subscribers.
  • 5300c769af79e

    Motorola Announces Moto G5 Plus for US, Starts at $229

    Motorola has gone ahead and announced their new G series phones, the Moto G5 and Moto G5 Plus.We’re going to focus on the Moto G5 Plus here because it’s the only model coming to the US.
  • 5300c769af79e

    Want to Brick an iPhone? Send Some Emojis

    Like a fainting goat who freezes at the first sign of a farmer, an iPhone running iOS 10 can be bricked by sending just a few emojis in the Messages app.Send all four of these at once, and the recipient's device will seize up and eventually restart.