How mobile devices became fundamentally more secure than PCs

Having learned the lessons of the antivirus and malware wars on computers, ARM architected a secure hardware enclave that mobile devices have the option to tap into.

At the 2018 RSA Conference, Ben Cade, CEO of security firm Trustonic, spoke with TechRepublic about how Trustonic's parent company, ARM, approaches mobile security:

Cade: So one of the heritages of Trustonic obviously is ARM. And the company looked at what were the issues in the PC? So as we know, you have software that's trying to protect your software against very advanced software-based threats. So it seems like an unwinnable battle and very reactive at best. So at ARM, there was a technology invented called TrustZone which basically said you can separate out what's going on in software and protect it using hardware in the chip. And that's what's effectively changed over the years.

In the mobile device, there's much better security technology available than there has ever been available in the PC, which means that you don't need to use the same methods to protect yourself, whether it's antivirus or sort of anti-malware solutions. The education really now is the technology's there in most devices. How do you encourage a bank, an enterprise, a healthcare company to make use of this technology? Which will actually mean your assets are protected using hardware, which means that it's immune to things like software viruses and malware.

The powerful point here is when people talk about hardware security, they traditionally associate this with a dongle to get onto your bank or get onto your enterprise network. That's not very sympathetic to how we access our services. We have multiple applications on our devices. So what you see actually is this is already embedded within the device, and then as a user it's completely transparent. But as a bank, what I do know now is my application and my customer's data is protected in this separate world away from Android or away from iOS for example. And that means I can do things differently. Which means I can give you access to your services more simply and in a faster way.

You have this chip. People understand it's a big processor, it's got gigahertz of speed, it's got gigabytes of memory. What you've traditionally seen is that runs the big operating system like Android. But now with this technology what happens is, it's a bit like two train tracks. It can switch between this normal world, running the operating system which is very powerful but not necessarily completely trusted, to a much smaller, much more secure environment that's completely separate from that main operating system. So that's good from a security perspective, it's good from a trust perspective, and clearly there's a lot of potential for it to be good from a privacy perspective to protect your assets or your customer assets from general snooping, whether that's the operating system or viruses, malware, or something malicious.
