Mobile device designers and operating system manufacturers need to provide a strong foundation for secure software and firmware updates throughout the lifetime of products – not just at the start, Ira McDonald, Co-Chair of Trusted Computing Group’s (TCG) Trusted Mobility Solutions Work Group said today.
Speaking as Mobile World Congress Americas takes place, McDonald stressed that embedded systems designers cannot assume that their firmware and software will remain pristine and must plan for ways to detect and recover firmware and software compromise.
“The growing trend for greater connectivity, driven by functionality and convenience is putting mobile devices at risk of exploitation and making them more vulnerable to attacks,” said McDonald. “As security threats become more sophisticated, mobile device designers and operating system manufacturers will need to ensure they have proactive protection plans in place that can evolve throughout the product’s lifecycle and quickly respond to new threats as they emerge.”
The TCG Mobile Platform Work Group is building momentum for lifetime security in mobile devices with its TCG Runtime Integrity Protections in Mobile Devices Family “2.0” Reference Document, which has been submitted for public review.
In the reference document TCG outlines best practices for runtime monitoring and integrity preservation, encouraging device manufacturers and operating system manufacturers to consider TCG technologies to provide the necessary foundation for the security of the mobile devices long after they have been shipped.
According to McDonald, Runtime Integrity Preservation addresses things like mobile devices that don’t get rebooted for months at a time and ensures that the code remains unmodified – particularly those code regions identified by policies to be protected.
“Increasingly sophisticated network connectivity in mobile devices enables advanced feature sets, increased awareness and response, and faster patching and updating of system firmware and software,” said McDonald. “It also introduces new attack surfaces and potential issues that never previously existed in these mobile platforms.”
As with many cybersecurity problems, McDonald continued, no one solution can address the many attack techniques that attackers can employ. Instead, a ‘defense in depth’ approach is needed – mobile devices must be capable of being updated, even after they have been compromised.
As a result, McDonald emphasized that multiple cybersecurity countermeasures must be deployed to ensure that attacks are prevented. Attackers try to find and exploit the weakest link, so all the steps in the product update development and deployment process must be properly protected.
The core message of the TCG Runtime Integrity Protections in Mobile Devices Family “2.0” Reference Document is to ensure that the local device itself uses hardware assistance from the CPU to check that key regions of the operating system kernel and the drivers have not been modified and to provide recommendations about how to do that.
“In order to keep mobile devices secure, the designers of these systems must assess all of the attacks that they must resist and the consequences of a successful attack,” McDonald added. “The risk assessment can help designers to weigh the costs and benefits of the various firmware and software update approaches and choose an approach that provides adequate protection for their system.”