register free | resend password


One-time security installations are not enough to protect mobile devices against growing threats, says TCG

ID: 1553277
recent pressrelease next pressrelease

(businesspress24) - Los Angeles, California, October 22, 2019 – Mobile device designers and operating system manufacturers need to provide a strong foundation for secure software and firmware updates throughout the lifetime of products – not just at the start, Ira McDonald, Co-Chair of Trusted Computing Group’s (TCG) Trusted Mobility Solutions Work Group said today.

Speaking as Mobile World Congress Americas takes place, McDonald stressed that embedded systems designers cannot assume that their firmware and software will remain pristine and must plan for ways to detect and recover firmware and software compromise.

“The growing trend for greater connectivity, driven by functionality and convenience is putting mobile devices at risk of exploitation and making them more vulnerable to attacks,” said McDonald. “As security threats become more sophisticated, mobile device designers and operating system manufacturers will need to ensure they have proactive protection plans in place that can evolve throughout the product’s lifecycle and quickly respond to new threats as they emerge.”

The TCG Mobile Platform Work Group is building momentum for lifetime security in mobile devices with its TCG Runtime Integrity Protections in Mobile Devices Family “2.0” Reference Document, which has been submitted for public review.

In the reference document TCG outlines best practices for runtime monitoring and integrity preservation, encouraging device manufacturers and operating system manufacturers to consider TCG technologies to provide the necessary foundation for the security of the mobile devices long after they have been shipped.

According to McDonald, Runtime Integrity Preservation addresses things like mobile devices that don’t get rebooted for months at a time and ensures that the code remains unmodified – particularly those code regions identified by policies to be protected.

“Increasingly sophisticated network connectivity in mobile devices enables advanced feature sets, increased awareness and response, and faster patching and updating of system firmware and software,” said McDonald. “It also introduces new attack surfaces and potential issues that never previously existed in these mobile platforms.”



As with many cybersecurity problems, McDonald continued, no one solution can address the many attack techniques that attackers can employ. Instead, a ‘defense in depth’ approach is needed – mobile devices must be capable of being updated, even after they have been compromised.

As a result, McDonald emphasized that multiple cybersecurity countermeasures must be deployed to ensure that attacks are prevented. Attackers try to find and exploit the weakest link, so all the steps in the product update development and deployment process must be properly protected.

The core message of the TCG Runtime Integrity Protections in Mobile Devices Family “2.0” Reference Document is to ensure that the local device itself uses hardware assistance from the CPU to check that key regions of the operating system kernel and the drivers have not been modified and to provide recommendations about how to do that.

“In order to keep mobile devices secure, the designers of these systems must assess all of the attacks that they must resist and the consequences of a successful attack,” McDonald added. “The risk assessment can help designers to weigh the costs and benefits of the various firmware and software update approaches and choose an approach that provides adequate protection for their system.”



More information:
http://https://www.realwire.com/releases/One-time-security-installations-are-not-enough-to-protect-mobile-devices



Keywords (optional):

trusted-computing-group, tcg, mobile, device, security, threat, mobile-world-congress,



Company information / Profile:

TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms. More information is available at the TCG website, www.trustedcomputinggroup.org. Follow TCG on Twitter and on LinkedIn. The organization offers a number of resources for developers and designers at develop.trustedcomputinggroup.org.

PressRelease by

PressContact / Agency:

Proactive PR
+44 (0)1636 704 888
Email: press(at)trustedcomputinggroup.org



published by: RealWire
print pressrelease  pressrelease as PDF  send to a friend  

Date: 10/22/2019 - 17:45
Language: English
News-ID 1553277
Character count: 3659
Kontakt-Informationen:
Firma: RealWire
Ansprechpartner: Fran Cator Feedback to businesspress24.com about Pressrelease-id:
Stadt: Lincoln
Telefon: +44 (0)1522 883640

Meldungsart: bitte
Versandart: Veröffentlichung

Number of hits: 468

Linking-Tips:



Direct Link to this PressRelease:






We would appreciate a link in your News-, Press- or Partner-Site.

Comments on this PressRelease






All members: 9 433
Register today: 1
Register yesterday: 0
Members online: 0
Guests online: 48


Don't have an account yet? You can create one. As registered user you have some advantages like theme manager, comments configuration and post comments with your name.