Three Recent IoT Platforms That Show Smart Home Security Isn’t Just a Software ProblemJanuary 22, 2020 by Robin Mitchell
Here are a few developers that have taken extra precautions to bake security into IoT components at the silicon level.
The issue of smart home security has once again been pushed into the spotlight with the latest incident: a hacker accessing the Ring security camera in a young girl's room.
According to CNN journalists Elizabeth Wolfe and Brian Ries, the hacker proceeded to harass the child, telling her he was "Santa Claus" and encouraging her to destroy her room.
Ring responded to the incident, claiming that the hacker accessed the camera, not through a data breach or a Ring security flaw, but through the victimized family's weak account security.
While consumers should certainly employ security best practices, like choosing unique passwords and setting up two-step authentification, incidents like this one and dozens like it represent a growing trend of smart home vulnerabilities.
Although security has often been discussed as a software problem or a consumer problem, some developers have taken extra precautions to bake security into IoT components at the silicon level.
Here are a few semiconductor companies that have recently released components with hardware security in mind.
MediaTek's Rich IoT Builds On Arm's Firmware
One example of a company taking hardware security to heart is MediaTek. The semiconductor company recently announced a new IoT chipset, Rich IoT, which is designed to tackle IoT challenges related to voice recognition, display, and vision.
MediaTek claims that hardware security was a priority since the inception of this chipset, reflected in the company's choice to build in Arm’s TrustZone security technology.
Arm posits that TrustZone technology establishes "a device root of trust based on Platform Security Architecture (PSA) guidelines" and offers ongoing support with operating system updates and security patches.
Diagram of Arm's TrustZone technology for Armv8-A. Image used courtesy of Arm
Arm TrustZone is said to only execute code that is authorized and authenticated to ensure that malicious code has not been injected into a firmware update (this is what secure boot is particularly good at).
In addition to firmware security, the Rich IoT chipset comes with a software package called the “Board Support Package” (BSP), which allows over-the-air security updates for the Linux kernel, OpenSSL, and Yocto.
This solution addresses a pressing problem of IoT devices—that they often go un-updated, despite bugs that can be hard to fix on the fly.
Though security is paramount at the hardware level, a software-update tool is also essential to ensure that IoT devices are protected from new issues, making them less vulnerable to attackers.
IoTeX "Secure Hardware"
The company prides itself as a leading privacy-IoT platform, incorporating multiple authorization technologies. These include blockchain, confidential computing, and decentralized identity.
Pebble Tracker. Image used courtesy of IoTeX
This range of products incorporates Intel and Arm's Trusted Execution Environment in addition to blockchain technology. This combination is said to ensure that code executed is 1) secure from attackers and 2) authenticated.
IoTeX also factored in data management in the new chipset.
Many other companies sell user data for profit without the user's consent, or the company obtains "consent" using dense, difficult-to-read contracts. (Haven't we all, at some point, clicked “I Agree” without reading the 5,000-word terms and conditions?)
But IoTeX claims that with their product lines, users are the sole owners of their data with the opportunity to sell or trade data to third-party services, reveal data to service providers, or keep it entirely private—even from IoTeX or IoT manufacturers.
Silicon Labs' SoC Applies Root-of-Trust Secure Loader
Silicon Labs' ERF32BG22 is another example of how IoT SoCs are shifting toward hardware security. The (PDF) SoC incorporates all the typical features you would expect from an IoT SoC including Bluetooth, Wi-Fi, an Arm Cortex processor, clock management, and peripherals; but multiple security features are also included.
Block diagram of EFR32BG22. Image used courtesy of (PDF) Silicon Labs
Like MediaTek's Rich IoT platform and IoTeX's product line, Silicon Labs' new SoC includes Arm's TrustZone to create a secure hardware environment for the main application code to run.
It also incorporates secure-boot, Root-of-Trust Secure Loader (RTSL), which can ensure the authenticity of firmware updates as well as the booting sequence. This ensures that malicious code cannot be injected into the boot sequence.
The SoC also includes hardware cryptography, a true random number generator, and a secure debug to allow designers to safely debug devices while not leaving them potentially exposed to attackers.
When IoT devices were first introduced, many designers did not incorporate strong security features (if at all).
Now that users are becoming aware of troubling security problems, as in the Ring security camera incident, many designers must consider at least some measure of hardware security to prevent attackers from accessing data.
Many designs are utilizing secure boot systems whereby only authenticated boot code can be accessed and some designs even include multistage boot load sequences. Updating devices over-the-air can be highly beneficial as it can patch potential security risks, but this may be exploitable with a rogue update.
For many years, hardware engineers only incorporated simple security features such as IP protection. But now that attackers are increasingly hacking hardware, we should continue to develop ways to prevent our smart home devices from becoming gateways to places we never intended.