With an Eye on IoT Security ARM buys Simulity for $15m

In-brief: ARM’s purchase of Simulity adds the ability to do over the air updates to embedded SIM chips and highlights ARM’s efforts to build out security and management at IoT scale. 

A tiny deal this week by ARM could have a big impact on the security of the Internet of Things.


LEARN TO SECURE THE INDUSTRIAL INTERNET OF THINGS 

Trusted Computing Group has how-to and demos with Microsoft, GE, Infineon, OnBoard Security, Wibu-Systems at IoT Solutions World Congress. Get your free expo pass code 111B9B47 or discount conference pass code 526E24AF


The company, which makes a wide range of low power processing chips, spent £11.7 million ($15.3 m) to acquire Simulity, a maker of embedded operating systems and SIM cards for Internet of Things devices, according to a statement released by the private equity firm Foresight, an investor in Simulity.

You’ve likely never heard of Simulity, which is headquartered in Gwynedd, Pennsylvania (I hadn’t), but their technology speaks volumes about ARM’s long term vision with regard to the Internet of Things. As this article about the transaction on the web site Electronic Design notes, Simulity makes embedded SIM cards – akin to those that connect your smart phone to cellular networks. But Simulity’s SIM cards “can be soldered directly into circuit boards that do everything from monitoring factory equipment and tracking shipping containers.” And, critically, they allow companies to update credentials for those cards over the air.

That last bit is critical for the IoT – where massive populations of connected endpoints will make physical management of SIM cards uneconomical and – often – physically impossible. Simulity’s technology, coupled with ARM’s scale producing chips and microcontrollers that power IoT devices.

In a statement to Electronic Design, Vincent Korstanje, vice president of marketing for ARM’s systems and software group, said that traditional SIM technology will not be able to deliver the scale or flexibility required” to manage not only millions but billions of connected devices” in the Internet of Things.

Original Equipment Makers (OEMs), cellular network operators and IoT service providers know that to be able to rollout IoT devices at scale they need to be able to manage the network credentials of devices after they have been deployed. That’s where Simulity’s technology comes in.

[Read more Security Ledger coverage of over the air software updates]

Managing credentials and software updates to connected devices is a major pain point for device makers and OEMs. In January,2015, for example, automotive OEM giant Harman announced plans to acquire the Israeli firm Red Bend Software, which makes software management technology for connected devices, and over-the-air (OTA) software and firmware upgrading services. ARM executives have indicated that introducing improved features for managing deployed devices is a top priority.

Actively managing deployed devices is critical to maintaining their integrity over lifespans that may range from months to years to decades. Recent incidents, such as the emergence of the Mirai botnet, have illustrated the difficulty that manufacturers currently have managing devices once they are sold and deployed. That botnet took advantage of deployed devices that were configured with default administrator credentials or had out of date and exploitable firmware (software).

Source: ARM, Still Targeting Remote Updates, Pays $15 Million For Simulity

Security Ledger wants to hear your thoughts! Leave a reply.