Qualcomm’s Silicon Answer to Putting a Sock in Malware

POSTED BY Steffen Sorrell
With Juniper forecasting an Internet-connected unit install base of 38.5 billion by 2020, it is of little wonder that security is seen as a huge challenge. In an IoT (Internet of Things) world, as well as in the good old-fashioned ‘Internet’ (which, let’s face it, is what we’ll call the IoT at some point anyway), the issue of device and software security has reached boiling point.

Encryption Does Not Ensure Security

The problem, despite the best protestations of CIA top-dog James Comey and tech-whizz The Rt Hon David Cameron MP, lies not in the encryption layer. Looking at the maths, it would at first seem that Messrs. Comey and Cameron have a point: assuming a machine’s ability to try key combinations of 1 trillion per second (1012), a 128-bit AES key would capitulate after some 10 quintillion (1x1019) years. Put into perspective, a brute-force attack on this encryption standard would require 1 sextillion machines (1x1021) working in parallel to become feasible (3.9 days).
Nevertheless, working with cryptographic software safely requires a programming language that does not implement garbage collection: that is to say, automatic handling of unused application memory; full control is required by the program. Unfortunately, careless programming in languages such as C with regards to bounds checking can lead to attack vectors for black hats: remote code execution can potentially bypass the encryption layer and gain access to sensitive data. Even in garbage-collected languages, other pitfalls exist, and programmers are after all, only human.

A New Security Model

Back in the land of plain English, enter Qualcomm: its upcoming Snapdragon 820 SoC features ‘on device machine learning’ to augment the security layer. Similarly to how banks use software to monitor accounts for unusual activity (eg why am I buying that flatscreen in Singapore when I just paid for two large gins and two pints of cider in the “Mother Black Cap”), the SoC is designed to monitor actions initiated by the device in real-time.

Back in May, we forecast the cost of cybercrime to reach $2.9 trillion annually by 2019. When air-gapping doesn’t work, Android security is down for the count, and human vulnerability to phishing attacks leave Kim Kardashian and Joe Public wondering whether it’ll ever be safe to upload their nudes to the cloud, it’s apparent that a more intelligent approach to security is required.

Just as we indicate in our research covering the IoT, anomaly detection will become crucial moving forward, alongside encryption. Qualcomm’s latest chip will hopefully move us one step closer to putting a sock in malware; the use case undoubtedly extends beyond simply mobile.