Writing for Semiconductor Engineering, Ernest Worthman notes that approximately six billion people rely on a variety of mobile devices to shop, bank, interface with social media and monitor their health.
“Unless you are on the inside track and know better, one would think that all that data is secure. Reality is somewhat different,” Worthman explains. “A mobile society has tremendous benefits, but those benefits come with a price. The advantages are obvious, but the price can be very steep if security isn’t a primary consideration.”
Steve Woo, a VP and distinguished inventor at Rambus, tells Semiconductor Engineering the most important thing one can do to protect mobile devices such as smartphones and tablets in the age of the IoE is to secure the silicon itself.
“If a degree of security can be integrated at the chip level, then issues with over-the-air (OTA) programming can be minimized, if not eliminated,” he says. “It is the most robust way to secure things.”
Indeed, as Patrick Nielsen, senior security researcher at Kaspersky Labs confirms, OTA is one of the weakest security vectors.
“By far the biggest problem that mobile security has is [OTA] update delivery,” says Nielsen.
Exacerbating the problem is the way in which the developer model has evolved.
“The developer ecosystem has moved to a model where anyone can become a developer and develop active content that lands on hundreds of millions of devices,” notes Intel Security CTO Steve Grobman. “On some of the platforms there are high levels of ‘latency’ between the detection of a vulnerability and a patch being applied.”
Looking beyond traditional mobile devices, Simon Blake-Wilson, a VP at Rambus’ Cryptography Research Division, says the rapidly evolving IoE can be viewed as “mobile on steroids.” And although manufacturers may consider deploying dedicated security chips for mobile phones and tablets, this approach might not be appropriate for low-cost devices such as sensors.
According to Blake-Wilson, IoE trends are likely to favor the integration of security into general-purpose (GP) chips for many lower-end devices – instead of deploying unsecured GP chips paired with dedicated cryptography processor.
“However this goes, key security will still be the number one action item for mobile devices,” adds CEO of PFP Cybersecurity Steven Chen. “[This is] because there will still be a lot of hackers trying to compromise security keys on mobile devices, from reverse engineering to side-channel attacks.”
Clearly, a collaborative effort by all interested players needs to be implemented if the IoE is to be secured.
“Everybody brings something to the table. The security platform will be much more effective if players realize that security is a component that is best handled by certain components, at certain layers and by the experts that do it best,” concludes Worthman.