OnQ Blog

Big expectations for small phones: Our evolving mobile experiences

30 Apr 2015

Qualcomm products mentioned within this post are offered by Qualcomm Technologies, Inc. and/or its subsidiaries.

How attached are you to your phone? A recent survey from the Boston Consulting Group found that if forced to choose, 45 percent of us would give up home Internet to keep our smartphones. If you’re among the 64 percent of American adults who own smartphones, chances are you can’t imagine going back. Mobile experiences have become integral to our lives.

Our phones are amazing machines, filled with features and functions few of us could have envisioned even 10 years ago. They’re probably the most personal devices we will ever own. And with each year’s new generation of phones, our expectations grow—we look for better connectivity, more features, increased entertainment options, and longer battery life. And we want it all to be even easier to use.

But along with the customization and convenience comes risk: Mobile devices store our personal data, such as photos, conversations, passwords, health, and even our financial info. We need to be able to trust our phones to keep our data and information secure and private.

That’s a lot to ask of a device that needs to fit in your pocket.  But Qualcomm is making it possible, by inventing, building, and sharing the mobile technologies that directly impact our daily lives. We’re making mobiles devices lighter, more connected, more secure and more useful than ever before.

For instance, every smartphone has an onboard camera. And the cameras are constantly getting better. For example, our UbiFocus feature, found in smartphones and tablets, allows you to refocus images even after taking them. And our computational photography technology leverages advanced computer vision to add light in darkened frames, zoom without distortion, and produce rich colors in almost any condition. Our pictures reflect who we are, and they’re getting better with each new camera iteration.

As we mentioned earlier, those photos, and the other personal data that live alongside them, make our smartphones and tablets some of the most personal items we own. As our devices carry more and more of our identity, increasingly robust security will be crucial to protecting our devices, our data, and ourselves.

This year at Mobile World Congress, Qualcomm took a major step toward helping individuals secure their handsets, in the form of a new fingerprint authentication solution called Qualcomm Snapdragon Sense ID. Rather than taking a traditional scanning approach, this breakthrough invention captures all the subtleties of the fingerprint in three-dimensional detail, using ultrasonic waves to penetrate the surface skin layer and reveal minutiae like ridge endings, bifurcations, and sweat pores. Did anyone even know they had sweat pores on their fingertips?  SenseID does—and it uses them to uniquely identify you, and to keep your private data even more private than traditional fingerprint sensors.

Qualcomm is also a member of the FIDO Alliance, which is developing standards to help reduce our reliance on passwords for online security. Forgetting passwords is an everyday frustration for many people, and stolen passwords are at the root of more than a few security nightmares. But while the use of passwords is pervasive today, there are plenty of other options to choose from as we build a more secure future. Scanning a fingerprint or using another authenticated device such as a watch are easier and safer ways to log in. These kinds of password alternatives add a layer of protection to ensure that only the owner of a device can access it. 

As phones and tablets continue to evolve, our relationship with them will evolve as well. Our job at Qualcomm is to support that evolution by enriching and securing those experiences. And we’re just getting started.

Find out more at Why Wait.

UbiFocus is a feature of Qualcomm Snapdragon. Qualcomm Snapdragon and Qualcomm Snapdragon Sense ID are products of Qualcomm Technologies, Inc.

 

Raj Talluri

Senior Vice President of Product Management

More articles from this author

About this author

Related News

OnQ

Secure boot and image authentication in mobile tech

Ensuring that a device runs only authorized and trusted software is crucial to end users, device manufacturers (OEMs), and carriers alike. OEMs may want to protect their devices from running unauthorized software. Software that is not authentic could degrade carrier network or device performance. Malicious software can potentially compromise anything from a user’s private or financial data to irreparably damaging the physical device itself. There are many risks and potential consequences in executing untrusted software — more than we can enumerate here.

Consider an attacker who attempts maliciously inject or modify the software images in storage.  The earlier in the chain of loaded software that an attacker can compromise an image, the more control they gain. Device software is usually loaded in stages where each software image is often configured to have less authority and control than the previous image in the chain. Specifically, the first software image which is loaded has nearly complete control of the device. These first images to be loaded are called bootloader images.

If an attacker can replace the first software image to execute with their own malicious image, then they control the rest of the device’s execution. This makes the integrity of the boot chain critical. Replacing a bootloader image in storage with a malicious image could result in a persistent exploit that would control execution in that software image and any image to be run after it. 

Implementing a “secure boot” chain is designed to ensure that each of these images are unmodified, and is one way of deterring malicious or dangerous software from executing. Qualcomm Technologies products offer a secure boot implementation and have for many years.

Secure boot is defined as a boot sequence in which each executable software image is authenticated by previously verified software. This sequence is engineered to prevent unauthorized or modified code from running. We build our chain of trust according to this definition, starting with the first piece of immutable software running out of read-only-memory (ROM). This first ROM bootloader cryptographically verifies the signature of the next bootloader in the chain, then that bootloader cryptographically verifies the signature of the next software image or images, and so on.

The diagram above depicts an example of a secure boot sequence. The three images verified by the operating system have been authenticated by a chain of trust that leads back to the first ROM bootloader in hardware. Each image in this chain has been cryptographically verified by a certificate chain anchored to the root certificate, which is also anchored in hardware. Any attempt to inject potentially harmful code into the image will be thwarted.

For more information on the Qualcomm Technologies secure boot and image authentication process, download our Qualcomm Technologies Secure Boot whitepaper. This whitepaper provides an in-depth look at our signed ELF images format, the process of loading and authenticating those images, certificate chain contents, and supported signature algorithms.

Learn more about Qualcomm Product Security

 

17 Jan 2017