Former phonemaker to license secure technology to manufacturers to improve safety and security of IoT devices
BlackBerry is jumping into the IoT space to boost the security of connected devices, it announced at CES Monday.
Despite their burgeoning popularity approximately 80 percent of consumers in the U.S, U.K and Canada do not trust their internet-connected devices to secure their data and privacy, according to a recent survey conducted by Blackberry.
Additionally, when asked about future purchases, respondents said they were more likely to choose a product or do business with a company that had a strong reputation for data security and privacy.
To help address this trust-gap BlackBerry is licensing its secure software framework to IoT manufacturers to help them securely build IoT devices, essentially allowing manufacturers to outsource their cybersecurity research and technology to BlackBerry, which has a proven track record in mobile security.
Once a manufacturer has produced a device, Blackberry will then review its security and if developed to its standards the firm will then deem it ‘Blackberry Secure’.
“2019 will be the year consumers will begin to vote with their wallets and seek out products that promise a higher level of security and data privacy,” said Alex Thurber, senior vice president and general manager of mobility Solutions at BlackBerry.
“IoT device manufacturers can address security and privacy concerns head-on and stand out in the cluttered IoT space by bringing to market ultra-secure products that consumers, retailers, and enterprises want to buy and use,” he added.
Manufacturers will have the choice of three ‘feature packs’ which build upon each other and provide various levels of management and control.
The secure enablement pack offers secure manufacturing and product lifecycle management. This involves BlackBerry setting up a manufacturing station and a hardware root of trust connected to the company’s network operation centre, that is monitored 24/7 for uptime and reliability.
During manufacturing, a BlackBerry secure identity service key is injected into the hardware and recorded on a secure server. Both at launch and periodically throughout the product’s lifecycle, checks are performed to verify that the two keys match. If they do not, the device no longer boots.
The secure foundations pack locks down software being executed with secure boot and ARM Trustzone technology to securely generate, use and store encryption keys used for various software operations and generates real-time ‘health’ reports that can be accessed by users and trusted third-party applications.
Aimed at devices that will be used in regulated or restricted environments, the secure enterprise pack allows firms to protect their data by controlling what can be accessed via device debug interfaces, communication protocols (bluetooth, NFC), and radios (cellular, WIFI, GPS). It is also able to set policies which add baseline security for certifications such as FIPS.
In October, the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) published a voluntary Code of Practice (CoP) to boost the security of IoT devices.
The measures formed the world’s first national directive aimed at improving IoT device security and is expected to become an international standard. Tech companies HP and Centrica were the first to commit to the code.
Cybersecurity expert David Kay dived deep into the issue IoT security for a Techerati special focus.