I’m here at Mobile World Congress 2017, and of course all the big names have new phones, but we expect that now. This year the theme is decidedly more about the future. Every year MWC has a theme, which is usually some sort of catchy marketing phrase. However, this year the theme is “The Next Element,” and I think it fits. Things like 5G connected cars, drones, VR and IoT are the showcase of many of the companies here.
This is all great, and I like the progress the industry has made in just the last year. However, for me being the security-minded person I am -- I’m looking for the security part of it all. Because as we all know by now, if something isn’t designed with security as a priority, it can get hacked, DDoS’ed or something else bad, right?
One company showcasing a connected car was touting that since 5G is so fast, there’s no need for complicated computers in the car, and the “heavy-lifting” can be done in the cloud and sent to the car for execution. I questioned, “That sounds great, but if the car isn’t making its own decisions, what happens when that command channel gets compromised?”
He looked disappointingly for a moment, and responded with, “We have the best security people, to make sure that doesn’t happen.” Ok, I’ll give him some credit, since he’s probably just a marketing guy. But what he said is a major problem of a lot of companies that are doing similar things. The fact is, you can’t make sure it doesn’t happen, you must assume it will happen. Assuming you are never safe from attacks, designing security and mitigation procedures from the top is the right way. What good are log data analysis, and post-breach tools for an autonomous car after it has been hijacked? “We can confirm that the car was indeed hacked, and someone else has taken control.” Gee thanks!
One company I visited is doing neat things with their eSIM technology. In a nut-shell, if you aren’t familiar with eSIM, it’s basically a technology that takes advantage of the fact that nearly every device made now has a secure element, TEE, or some sort of trusted storage/processing -- so why require a physical SIM anymore? A connected device can then be provisioned by a trusted services provider, and you are good to go. One of my favorite security companies, G&D (Giesecke & Devrient) were showing how this could be used to securely provision a profile to a drone, thus making it extremely difficult to compromise. Base code within the drone ensures that provisioning of the profile can only be done when not in flight, further reducing the risk of a hijack. Take that concept to IoT devices and connected cars, and I think we’ve got a good start on the security issue I talked about earlier.
I also want to make a mention of our very own MWC announcement: Windows 10 Management, and our joining of Appconfig.org. We are really excited to bring basic cloud-based management for Windows 10 systems (desktops, tablet/surface, and phones) and the ability to deploy and utilize ZSO with the Centrify Identity Platform. In addition, we have joined and updated product features to comply with Appconfig.org, a standard based way to configure and push mobile app configurations on both iOS and Android.
Maybe next year the MWC theme will be something security related, because there certainly was not enough of it from what I saw. Till next time, that’s it from Barcelona!
Learn about managing devices, securing native mobile apps and providing context for smarter access decisions here.
This is written by the individual author in his/her personal capacity, and the opinions, views and/or thoughts expressed herein are solely the author’s own. They are not intended to and may not necessarily reflect the official policy or position, or the opinions or views of ThycoticCentrify or its affiliates, employees, or any other group or individual.