Security news that informs and inspires

BlackBerry Turns Focus to IoT Security


In its short time on this earth, the Internet of Things has managed to accumulate a large number of nicknames, none of which is very flattering. Most of those epithets have something to do with IoT devices not being so secure. BlackBerry, the erstwhile mobile device maker, is hoping to change that state of affairs with a set of new software offerings to help IoT manufacturers build more secure software and hardware.

The rush in recent years to make every device under the sun Internet-enabled has led to some unfortunate security outcomes for users and manufacturers. Many hardware makers that are producing IoT devices may not have mature internal software security processes, especially manufacturers that are mainly focused on building consumer-grade devices. Priority tends to be given to getting devices into the marketplace as quickly and inexpensively as possible. Hardening the software and hardware against attacks takes considerable time and money.

BlackBerry is offering a new set of services that’s meant to take much of the security burden off of manufacturers by supplying hardware and software security support during both the manufacturing and development processes. There are three separate offerings, including one that provides manufacturers with a system to establish a hardware Root of Trust for devices, connected to the BlackBerry network operations center.

“During manufacturing, a BlackBerry Secure Identity Service Key is injected into the hardware and recorded on a secure server. Both at launch and periodically throughout the product’s lifecycle, checks are performed to verify that the two keys match. If they do not, the device no longer boots,” BlackBerry said.

“IoT device manufacturers can address security and privacy concerns head-on and stand out in the cluttered IoT space."

Another of the new services, the Secure Foundations Feature Pack, focuses on making the software in IoT devices more secure.

“In addition to hardening the operating system kernel, the Foundations Pack locks down software being executed with Secure Boot and ARM Trustzone technology to securely generate, use and store encryption keys used for various software operations. It also includes the BlackBerry Integrity Detection (BID) service which various components (kernel, Pathtrust, SELinux, etc) across the software stack, and generates real-time ‘health’ reports that can be accessed by users and trusted third-party applications,” the company said.

The first few generations of IoT devices have mostly consisted of products that were retrofitted with connectivity and other functionality. Newer devices are being designed from the beginning to be connected, but that hasn’t necessarily translated into better security. Researchers and attackers have had little trouble finding weaknesses in many IoT devices, including home automation systems, smart city devices, and vehicle infotainment and operation systems. The lack of security in many connected devices has emerged as a serious concern in recent years, and, if history is any guide, the road to secure development and manufacturing practices will be a long one.

“IoT device manufacturers can address security and privacy concerns head-on and stand out in the cluttered IoT space by bringing to market ultra-secure products that consumers, retailers, and enterprises want to buy and use,” Alex Thurber, senior vice president and general manager of mobility solutions at BlackBerry, said.