Rivals ARM and Intel Make Peace To Secure Internet of Things

Rival semiconductor giants ARM and Intel have agreed to work together to manage networks of connected devices from both firms, clearing a major stumbling block to market growth of the so-called Internet of Things (IoT). From a report: Britain's ARM, a unit of Japan's Softbank, said on Monday it had struck a strategic partnership with Intel to use common standards developed by Intel for managing IoT devices, connections and data. The IoT involves connecting simple chips that detect distance, motion, temperature, pressure and images to be used in an ever wider range of electronics such as lights, parking meters or refrigerators.

Some of the world's dumbest electronics devices get smarter by becoming connected into cloud networks, but also harder to protect. ARM's agreement to adopt Intel standards for securely managing such networks marks a breakthrough that promises to drive the spread of IoT across many industries, the two companies said.

Information free content

[AmiMoJo]

There is zero detail about what this actually means. Presumably they agreed on a protocol, but what protocol? What is the significance for ARM, are they going to add protocol acceleration to the next generation of the ARM spec?

Re:

[evanh]

AKA, a backdoor.

Re:

[bugs2squash]

Exactly, and how is an improvement over CAN, I2C or SPI - let me guess, more royalties...

Re:

[Camembert]

The article briefly mentions "Intel’s Secure Device Onboard specifications".

Re:

[AmiMoJo]

I thought this was supposed to make IoT more secure, and now they want to introduce Intel vulnerabilities into it?

In Intel lingo "secure" means "nobody found the flaws yet".

Re:

[Anonymous Coward]

The "Intel Secure Device Onboard" (Intel SDO) protocol. Buried in the article: "ARM’s recently introduced Pelion IoT management platform will rely on Intel’s Secure Device Onboard specifications announced a year ago."

Re:

[ItsJustAPseudonym]

Right. The meat of the information is in the last paragraph of the press release. The rest is all 'market growth', 'strategic partnership', 'breakthrough', 'acceleration', and other B.S.

This piece of marketing hooey was particularly funny:

Some of the world’s dumbest electronics devices get smarter by becoming connected into cloud networks...

Re:

[DickBreath]

It means they agree to "secure" things by standardizing the "management engine" across different processor architectures. That avoids needing multiple tools, techniques and education in order to spy on the world's computers -- regardless of which architecture they use. Intel and ARM agree. The government doesn't have to force an agreement. There is No Such Agency that would have any interest in forcing Intel and ARM to 'voluntarily' agree to any such thing.

Re:

[SirSlud]

So you're saying security via obscurity additional complexity/costs/number of tools is what will prevent the NSA's of the world from spying on IoT devinces?

Uh .. you sure you want to claim that this is a cogent argument?

Re:

[Darinbob]

My guess is it will be 100% software, they'll agree on a standard which will only apply to those companies that slavishly do whatever ARM and Intel do, but which won't affect the majority of devices.

I could be wrong though. The biggest security feature missing right now on smaller chips (and big ones) is secure key storage. That means being able to do all your encryption/decryption without the key ever entering RAM. Even 5 years ago this was considered too much effort for too little value, or another way

Re:

[arglebargle_xiv]

Sorry, let me translate into plainer language.

The lion and the lamb agreed to sit down together for dinner. There was a pot of mint sauce on the table.

RISC V it is then

[xxxLCxxx]

Sorry, but I don't want that ME or something alike. I'm not that dumb a device.

It's a trap!

[pak9rabid]

Intel is the hardware equivalent of old MS. Tread carefully ARM.

Re:

[DickBreath]

Use the superposition mod.

Indecision on how to mod means you need a different pull up resistor. Or your flip-flop is broken. The up / down thing can be corrected with viagra or cialis.

Re:

[ArhcAngel]

Microsoft only wishes it could have pulled off the kind of stunts Intel has. "We'd like to have a look at your bus architecture to optimize our CPU for it" Six months later..."What do you mean we stole your bus architecture? You licensed it to us remember? No? Well it would be a shame if you suddenly had to purchase all of your CPUs from the retail sector now wouldn't it? I see NOW you remember!"

Re:

[Anonymous Coward]

Intel does hold an ARM license [wikipedia.org].

Just kill it

[Rick Schumann]

We don't need 'Internet of Things', it's a solution looking for a problem, always has been, always will be.

Re:

[thegarbz]

We don't need 'Internet of Things', it's a solution looking for a problem, always has been, always will be.

What a brain-dead comment. IoT is not a solution looking for a problem. It's a name change representing technological development that has been ongoing for the past 20 years. Unless it is you think IoT = Internet connected fridge, in which case it's like saying the entire world of computing exists only to fill out data in an excel table and therefore computers are useless.

Re:

[Anonymous Coward]

it's a solution looking for a problem, always has been, always will be.

Maybe it is when we consider it's most frivolous side like as an enabler of home automation, but we can't ignore the real business use as enabler of distributed data collection thru use of sensors and whatnot. There's money to be made there and choosing to ignore it is idiotic, to put it lightly.

Re:

[Darinbob]

It's a solution to many existing problems. However the media focus has been on the consumer side of things where the problems are trivial and don't really need solving. In business, industry, and science, there is a real need for sensor devices that can be communicated with remotely, whether directly on the internet or a private network.

Re:

[Rick Schumann]

Well then call those something other than 'Internet of Things' devices because you're not doing yourself any favors. What you're talking about are for serious use, not so-called 'conveniences' that nobody needs and that don't really serve much of a useful purpose, existing mainly to collect more and more data on people's private lives.

Great news!

[bjdevil66]

Great news! Now my IoT recycling bin will be able to tell my IoT refrigerator that I just threw out my 2nd gallon of milk and order another one from Amazon to be delivered without any action on my part!

Or my IoT couch can measure and compare my weight and pulse from week to week and automatically cancel my gym membership I'm not using enough.

Or my IoT alarm clock can tell junk manufacturer Chinesium Inc. how long it takes me to climb out of bed and turn off the alarm.

Or my IoT Sonicare toothbrush can narc

Privacy anyone ?

[Anonymous Coward]

Softbank ? The same that are backed by Saudi Arabia. The same that are killing dissidents in their ambassies ?

No wonder why our rights are going into the recycling bin lately.

Thanks but no thanks.

Anonymously yours,

I'm surprised...

[thegreatbob]

... that they aren't trying to StrongARM them into compliance. Or maybe they are...

I can't come up with a good pun for the DEC angle, but I think we'll live.

Dumb

[thegarbz]

Who cares what Intel and ARM do with their chips as long as manufacturers ship devices with default passwords, outdated software, no encryption, and whisk all the data from the devices off into some silly unsecured cloud.

Re:

[ItsJustAPseudonym]

If you search for "Secure Device Onboard", and then go to the link on the Intel site, it shows a whole chain of trust in which the manufacturer has to participate. So, the point is that the manufacturers have to be onboard for this. There's even an entity called a 'Device Management Service Provider' that is named there.

That being said, there seems to be nothing to stop manufacturers from simply not participating, as long as they don't want the 'Secure Device Onboard' certification. So...yep, plenty of de

Re:

[thegarbz]

Implying that a chain of trust somehow stops backdoors and stupid inexperienced coders who couldn't code their way through a bubble sort. Certifications do not trump low cost, especially if that cost involves opening your code to 3rd parties.

It's DRM.

[Anonymous Coward]

https://en.wikipedia.org/wiki/Enhanced_privacy_ID#Content_protection

Solution!

[Zorro]

Paint the WiFi Chip bright Orange by law so we can rip it out.

Re:

[bugs2squash]

They will achieve compliance by making all the chips orange.