Slashdot Mirror

← Back to Stories (view on slashdot.org)

Rivals ARM and Intel Make Peace To Secure Internet of Things (reuters.com)

Posted by msmash on from the marching-together dept.

Rival semiconductor giants ARM and Intel have agreed to work together to manage networks of connected devices from both firms, clearing a major stumbling block to market growth of the so-called Internet of Things (IoT). From a report: Britain's ARM, a unit of Japan's Softbank, said on Monday it had struck a strategic partnership with Intel to use common standards developed by Intel for managing IoT devices, connections and data. The IoT involves connecting simple chips that detect distance, motion, temperature, pressure and images to be used in an ever wider range of electronics such as lights, parking meters or refrigerators.

Some of the world's dumbest electronics devices get smarter by becoming connected into cloud networks, but also harder to protect. ARM's agreement to adopt Intel standards for securely managing such networks marks a breakthrough that promises to drive the spread of IoT across many industries, the two companies said.

53 comments

  1. Information free content by AmiMoJo · · Score: 3, Interesting

    There is zero detail about what this actually means. Presumably they agreed on a protocol, but what protocol? What is the significance for ARM, are they going to add protocol acceleration to the next generation of the ARM spec?

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:Information free content by evanh · · Score: 2

      AKA, a backdoor.

    2. Re:Information free content by bugs2squash · · Score: 1

      Exactly, and how is an improvement over CAN, I2C or SPI - let me guess, more royalties...

      --
      Nullius in verba
    3. Re:Information free content by Camembert · · Score: 2

      The article briefly mentions "Intel’s Secure Device Onboard specifications".

    4. Re:Information free content by Anonymous Coward · · Score: 2, Informative

      The "Intel Secure Device Onboard" (Intel SDO) protocol. Buried in the article: "ARM’s recently introduced Pelion IoT management platform will rely on Intel’s Secure Device Onboard specifications announced a year ago."

    5. Re: Information free content by Anonymous Coward · · Score: 0

      Agreed.. We can not have Any computing platform without backdoors now can we?

      And since intel is so good at maling so called secret backdoors that permanentet destroys security they are the obvious choice

      We would NOT want a backdoor that is not yet known to cyber criminals like AMD trustzone
      Now would we?

      Bad move ARM... Intel is FAIL

    6. Re:Information free content by DickBreath · · Score: 1

      It means they agree to "secure" things by standardizing the "management engine" across different processor architectures. That avoids needing multiple tools, techniques and education in order to spy on the world's computers -- regardless of which architecture they use. Intel and ARM agree. The government doesn't have to force an agreement. There is No Such Agency that would have any interest in forcing Intel and ARM to 'voluntarily' agree to any such thing.

      --

      I'll see your senator, and I'll raise you two judges.
    7. Re:Information free content by Anonymous Coward · · Score: 0

      > There is zero detail about what this actually means.

      I don't know what it means either, but you can be certain that it won't be done in your interest.

    8. Re:Information free content by Anonymous Coward · · Score: 0

      Intel ME Everywhere! Speaking of the letters, why doesn't the summary speak of the national and international engineering standards that Intel surely has submitted for comments and approval?

    9. Re:Information free content by Anonymous Coward · · Score: 0

      Intel's management engine, and Intel's AMT weren't clues enough?

      We have had such protocols for ages, it's called IPMI. IPMI lacks security because it was NOT designed to be on the internet-facing side of the server, but is routinely connected that way.

      So my guess is that this going to be some variation on IPMI over WiFi.

    10. Re:Information free content by SirSlud · · Score: 1

      So you're saying security via obscurity additional complexity/costs/number of tools is what will prevent the NSA's of the world from spying on IoT devinces?

      Uh .. you sure you want to claim that this is a cogent argument?

      --
      "Old man yells at systemd"
    11. Re:Information free content by Anonymous Coward · · Score: 0

      ARM represents most of IoT and Intel is a big player for all things computing. Them working together to create a standard instead of competing with patents is a hypothetical boon to the entire industry.

    12. Re:Information free content by AmiMoJo · · Score: 1

      I thought this was supposed to make IoT more secure, and now they want to introduce Intel vulnerabilities into it?

      In Intel lingo "secure" means "nobody found the flaws yet".

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    13. Re:Information free content by Darinbob · · Score: 1

      My guess is it will be 100% software, they'll agree on a standard which will only apply to those companies that slavishly do whatever ARM and Intel do, but which won't affect the majority of devices.

      I could be wrong though. The biggest security feature missing right now on smaller chips (and big ones) is secure key storage. That means being able to do all your encryption/decryption without the key ever entering RAM. Even 5 years ago this was considered too much effort for too little value, or another way of saying security wasn't important. But there are several vendors now seriously moving forward to increase security (ie, SoC vendors).

      Also important is to move away from "just barely acceptable" consumer oriented security standards, like pre-shared-keys with WiFi or Bluetooth based devices.

    14. Re:Information free content by ItsJustAPseudonym · · Score: 1
      Right. The meat of the information is in the last paragraph of the press release. The rest is all 'market growth', 'strategic partnership', 'breakthrough', 'acceleration', and other B.S.

      This piece of marketing hooey was particularly funny:

      Some of the world’s dumbest electronics devices get smarter by becoming connected into cloud networks...

    15. Re:Information free content by Anonymous Coward · · Score: 0

      Look, they're not going to come right out and admit they're building Skynet.

    16. Re:Information free content by arglebargle_xiv · · Score: 1

      Sorry, let me translate into plainer language.

      The lion and the lamb agreed to sit down together for dinner. There was a pot of mint sauce on the table.

    17. Re:Information free content by Anonymous Coward · · Score: 0

      Not merely that, a backdoor under the control of Russian Trolls, running systemd.

  2. Comment removed by account_deleted · · Score: 0

    Comment removed based on user account deletion

  3. RISC V it is then by xxxLCxxx · · Score: 1

    Sorry, but I don't want that ME or something alike. I'm not that dumb a device.

    1. Re:RISC V it is then by Anonymous Coward · · Score: 0

      Intel sold that new 486 SoC : Quark CPU, Edison board. Oh well, the Galileo board has the single core "486" (with i586 instruction set) and the Edison was a dual core Atom, combined with a 100MHz Quark. (and that is particularly unclear/dubious!)

      It was a market failure, poor or no support, released with no people wanting it. "makers" didn't want to buy an Intel board at $100 with no GPU when there is $20, $30 ARM boards with GPU.
      Why am I bringing up this forgotten hardware from the dead? I believe the simple 486-like "Quark" CPU core is used in the Intel ME. If so, the "Intel Galileo Gen. 2" was the closest thing to putting an Intel ME on a stick!
      Not a literal ME, you were supposed to run linux or something.

  4. Working Together, but differently by Anonymous Coward · · Score: 0

    I know people who work together - and it means shit.
    lets see Intel gave faulty pre-ex to ARM - and like a thalidomide maker, stayed mum.
    The only crocodle tear they share is hatred of Broadcom

  5. It's a trap! by pak9rabid · · Score: 2

    Intel is the hardware equivalent of old MS. Tread carefully ARM.

    1. Re:It's a trap! by Anonymous Coward · · Score: 0

      Don't worry, they will keep them at ARM's length.

    2. Re:It's a trap! by ArhcAngel · · Score: 1

      Microsoft only wishes it could have pulled off the kind of stunts Intel has. "We'd like to have a look at your bus architecture to optimize our CPU for it" Six months later..."What do you mean we stole your bus architecture? You licensed it to us remember? No? Well it would be a shame if you suddenly had to purchase all of your CPUs from the retail sector now wouldn't it? I see NOW you remember!"

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    3. Re:It's a trap! by Anonymous Coward · · Score: 0

      You are aware that ARM doesn't actually produce CPUs, right? They create IP and license that. I'm sure if Intel wanted to see their bus architecture they could easily license ARMs reference design. It doesn't take any super secret corporate espionage.

    4. Re:It's a trap! by Anonymous Coward · · Score: 0

      not sure whether to mod up or down

    5. Re:It's a trap! by DickBreath · · Score: 2

      Use the superposition mod.

      Indecision on how to mod means you need a different pull up resistor. Or your flip-flop is broken. The up / down thing can be corrected with viagra or cialis.

      --

      I'll see your senator, and I'll raise you two judges.
    6. Re:It's a trap! by Anonymous Coward · · Score: 1

      Intel does hold an ARM license.

    7. Re:It's a trap! by Anonymous Coward · · Score: 0

      Intel is a one-ARM bandit !!

  6. And how much has this made a difference to now? by koko · · Score: 0

    This is public relations flak. Won't hurt to play. Given the track record so far... not holding out any hope this is more than PR.

  7. Just kill it by Rick+Schumann · · Score: 4, Insightful

    We don't need 'Internet of Things', it's a solution looking for a problem, always has been, always will be.

    1. Re:Just kill it by thegarbz · · Score: 1

      We don't need 'Internet of Things', it's a solution looking for a problem, always has been, always will be.

      What a brain-dead comment. IoT is not a solution looking for a problem. It's a name change representing technological development that has been ongoing for the past 20 years. Unless it is you think IoT = Internet connected fridge, in which case it's like saying the entire world of computing exists only to fill out data in an excel table and therefore computers are useless.

    2. Re:Just kill it by Anonymous Coward · · Score: 2, Interesting

      it's a solution looking for a problem, always has been, always will be.

      Maybe it is when we consider it's most frivolous side like as an enabler of home automation, but we can't ignore the real business use as enabler of distributed data collection thru use of sensors and whatnot. There's money to be made there and choosing to ignore it is idiotic, to put it lightly.

    3. Re:Just kill it by Anonymous Coward · · Score: 0

      All you did was deny.
      How about offering an example of an IoT device with more reason to be on the Internet than a fridge?

    4. Re:Just kill it by Darinbob · · Score: 1

      It's a solution to many existing problems. However the media focus has been on the consumer side of things where the problems are trivial and don't really need solving. In business, industry, and science, there is a real need for sensor devices that can be communicated with remotely, whether directly on the internet or a private network.

    5. Re:Just kill it by Anonymous Coward · · Score: 0

      Modern cars are a good example. Control networks of server farms and their PDUs, UPSes, cooling, etc. are another. Intelligent power networks are a third. Plus public infrastructure such as street lights, traffic lights, and public signage in all its forms. I'm sure people can come up with many other examples.

    6. Re:Just kill it by Rick+Schumann · · Score: 1

      Well then call those something other than 'Internet of Things' devices because you're not doing yourself any favors. What you're talking about are for serious use, not so-called 'conveniences' that nobody needs and that don't really serve much of a useful purpose, existing mainly to collect more and more data on people's private lives.

  8. Great news! by bjdevil66 · · Score: 1

    Great news! Now my IoT recycling bin will be able to tell my IoT refrigerator that I just threw out my 2nd gallon of milk and order another one from Amazon to be delivered without any action on my part!

    Or my IoT couch can measure and compare my weight and pulse from week to week and automatically cancel my gym membership I'm not using enough.

    Or my IoT alarm clock can tell junk manufacturer Chinesium Inc. how long it takes me to climb out of bed and turn off the alarm.

    Or my IoT Sonicare toothbrush can narc me out to my dental hygenist ("you haven't been brushing enough") or dental insurance company ("you haven't been brushing your teeth enough").

    Or my IoT garbage disposal can tell my town's sewage treatment plant how much food I dump daily/weekly/every fortnite/month/quarter/year/decade/century.

    Or my IoT toilet paper roller can tell Charmin Inc. I'm using X number of squares with each visit to the bathroom and make proper usage recommendations (or send me coupons for more).

    Or my bed springs can count the number of compressions/humps I get into my wife during each sexual encounter and send Cosmo article links to my inbox, telling me to think more about baseball or explaining "99 NEW ways to please your lover". Or...

    IoT as of 2018 === #InternetOfTooMuch.

  9. How long will this last? by Anonymous Coward · · Score: 0

    Intel has a habit of discontinuing technologies very quickly, and the best thing about standards is that there are so many to choose from.

  10. I dunno... Intel ME backdoor standard? by Anonymous Coward · · Score: 0

    Has this standard actually been examined and certified as secure? It sounds very risky, and could potentially leave IoT devices wide open for external control in the way Intel CPUs are due to the built-in "Management Engine" back door.

  11. Privacy anyone ? by Anonymous Coward · · Score: 1

    Softbank ? The same that are backed by Saudi Arabia. The same that are killing dissidents in their ambassies ?

    No wonder why our rights are going into the recycling bin lately.

    Thanks but no thanks.

    Anonymously yours,

  12. I'm surprised... by thegreatbob · · Score: 1

    ... that they aren't trying to StrongARM them into compliance. Or maybe they are...

    I can't come up with a good pun for the DEC angle, but I think we'll live.

    --
    There is no XUL, only WebExtensions...
  13. Dumb by thegarbz · · Score: 3, Interesting

    Who cares what Intel and ARM do with their chips as long as manufacturers ship devices with default passwords, outdated software, no encryption, and whisk all the data from the devices off into some silly unsecured cloud.

    1. Re:Dumb by ItsJustAPseudonym · · Score: 1

      If you search for "Secure Device Onboard", and then go to the link on the Intel site, it shows a whole chain of trust in which the manufacturer has to participate. So, the point is that the manufacturers have to be onboard for this. There's even an entity called a 'Device Management Service Provider' that is named there.

      That being said, there seems to be nothing to stop manufacturers from simply not participating, as long as they don't want the 'Secure Device Onboard' certification. So...yep, plenty of default passwords, outdated software, no encryption, and unsecured clouds available.

    2. Re:Dumb by thegarbz · · Score: 1

      Implying that a chain of trust somehow stops backdoors and stupid inexperienced coders who couldn't code their way through a bubble sort. Certifications do not trump low cost, especially if that cost involves opening your code to 3rd parties.

  14. It's DRM. by Anonymous Coward · · Score: 1

    https://en.wikipedia.org/wiki/Enhanced_privacy_ID#Content_protection

  15. Solution! by Zorro · · Score: 2

    Paint the WiFi Chip bright Orange by law so we can rip it out.

    1. Re:Solution! by bugs2squash · · Score: 1

      They will achieve compliance by making all the chips orange.

      --
      Nullius in verba
  16. Yea! DRM and SecureBoot on ARM by Anonymous Coward · · Score: 0

    Can't wait

  17. Partner links by Anonymous Coward · · Score: 0

    Zero touch from the ARM Pelion Device Management service combined with Intel Secure Device Onboard (SDO) platform.

    https://community.arm.com/iot/b/blog/posts/enabling-large-scale-iot-arm-pelion-iot-platform-and-intel-sdo

    https://newsroom.intel.com/editorials/intel-arm-share-iot-vision-securely-connect-any-device-any-cloud/

  18. SDO ANSWER by Anonymous Coward · · Score: 0

    http://info.deviceauthority.com/device-authority-supports-intel-secure-device-onboard

    A tiny UK company has Arm Intel answer