Snapdragon Security Platform

Security solutions for a complex mobile environment.

Today's mobile users need more robust security to address ever-increasing threats to device security and privacy. And they need that in the form of power-efficient solutions that don’t interfere with the use of their devices. The Qualcomm® Snapdragon™ Security Platform is designed to provide exactly that: a robust, multidimensional suite of mobile security technologies, engineered for performance and efficiency in today's complex mobile environment.

Secure Foundation

We understand that building industry leading security solutions starts with creating a very secure foundation. Already used within billions of devices, Qualcomm® SecureMSM™ technology is based in hardware and software and is designed to provide not only a high level of security and robustness, but also high performance while maintaining power efficiency.

Secure Boot

A boot-up process designed to verify the authenticity and integrity of critical code and data. This helps prevent unauthorized modification, replacement, and execution of system stored code.

Secure Execution Environment

Qualcomm® Secure Execution Environment is a controlled and separated environment outside the high-level operating system (HLOS) that is designed to allow trusted execution of code and to protect against viruses, Trojans, and root kits.

Cryptographic Accelerators

Engineered to enhance performance and security of cryptographic operations using accelerated full disk encryption.

Secure Key Provisioning

We provide a variety of robust methods for Secure Key Provisioning in order to best meet the varying needs of our customers.

Qualcomm Haven

Built on the strength of the Snapdragon Security Platform, the Qualcomm Haven™ security suite is designed to safeguard the ever-evolving mobile device by offering multilevel protection against security threats. Qualcomm Haven now includes revolutionary biometric security and real-time malware detection.

Secure Camera

Using the very latest iris and facial recognition technology, secure camera takes user authentication to the next level to help support safe payments and purchases.

Secure Token

On-demand security tokens from the device to third-party backend services are designed to provide next-generation authentication and comprehensive encryption to help keep your mobile transactions confidential.

Snapdragon Smart Protect

Qualcomm® Snapdragon™ Smart Protect uses real-time, machine learning-based malware detection, as well as hardware-based security features to better protect data on your device against attacks.

Additional security features.

Authentication with Snapdragon Sense ID

We're addressing the limitations of password protection by supporting biometric authentication alternatives such as Qualcomm® Snapdragon Sense™ ID fingerprint technology and important related standards like FIDO (Fast IDentity Online), designed to make it safer and easier to connect to other online FIDO-enabled devices.

Theft Deterrence with Qualcomm SafeSwitch

Just because a mobile device is out of sight doesn't mean it's out of a user's control. With Qualcomm SafeSwitch™ technology, users of supported devices can remotely lock their mobile devices if they are lost or stolen and then unlock them in the event they’re found. Qualcomm SafeSwitch commands are verified by hardware, designed to make potential attacks, such as malicious locking of phones and unlocking stolen phones, less feasible.

Content Protection with Snapdragon StudioAccess

Qualcomm® Snapdragon StudioAccess™ content protection utilizes SecureMSM technology to protect premium, high-resolution video content, and helps allow users to enjoy the latest content from movie studios at higher resolution. This trusted technology is utilized by many of the leading distribution services, including Hulu, Amazon Instant Movie, Google Play, and Netflix.

The Latest

OnQ

Secure boot and image authentication in mobile tech

Ensuring that a device runs only authorized and trusted software is crucial to end users, device manufacturers (OEMs), and carriers alike. OEMs may want to protect their devices from running unauthorized software. Software that is not authentic could degrade carrier network or device performance. Malicious software can potentially compromise anything from a user’s private or financial data to irreparably damaging the physical device itself. There are many risks and potential consequences in executing untrusted software — more than we can enumerate here.

Consider an attacker who attempts maliciously inject or modify the software images in storage.  The earlier in the chain of loaded software that an attacker can compromise an image, the more control they gain. Device software is usually loaded in stages where each software image is often configured to have less authority and control than the previous image in the chain. Specifically, the first software image which is loaded has nearly complete control of the device. These first images to be loaded are called bootloader images.

If an attacker can replace the first software image to execute with their own malicious image, then they control the rest of the device’s execution. This makes the integrity of the boot chain critical. Replacing a bootloader image in storage with a malicious image could result in a persistent exploit that would control execution in that software image and any image to be run after it. 

Implementing a “secure boot” chain is designed to ensure that each of these images are unmodified, and is one way of deterring malicious or dangerous software from executing. Qualcomm Technologies products offer a secure boot implementation and have for many years.

Secure boot is defined as a boot sequence in which each executable software image is authenticated by previously verified software. This sequence is engineered to prevent unauthorized or modified code from running. We build our chain of trust according to this definition, starting with the first piece of immutable software running out of read-only-memory (ROM). This first ROM bootloader cryptographically verifies the signature of the next bootloader in the chain, then that bootloader cryptographically verifies the signature of the next software image or images, and so on.

 

17 Jan 2017
OnQ

Qualcomm releases whitepaper detailing pointer authentication on ARMv8.3

ARM recently announced ARMv8.3-A, the 2016 additions to the ARMv8-A architecture. These additions include pointer authentication instructions: “a mechanism for enhanced security associated with pointer authentication.” It is very exciting to see the technology, refined and expanded through discussions and contributions from ARM and its partners, making it into the architecture as the new pointer authentication instructions.

The pointer authentication scheme added to the ARMv8 architecture is a software security primitive that makes it much harder for an attacker to modify protected pointers in memory without being detected. In a new Qualcomm whitepaper, we describe the pointer authentication mechanism including the design criteria, provide a security analysis, and discuss the implementation of certain software security countermeasures such as stack protection and control flow integrity using the pointer authentication primitives.

These new instructions provide a way for quickly verifying the integrity of pointers and data in memory. In addition to the use cases described in the whitepaper, we expect these primitives to pave way to new techniques and opportunities to improve the memory safety of programs and runtime environments.

 

10 Jan 2017

Be one of the first to know.

Sign up to receive the latest Snapdragon news, device announcements, availability and more.

Qualcomm Haven, Qualcomm SecureMSM, Qualcomm Secure Execution Environment, Qualcomm Snapdragon Smart Protect, Qualcomm Snapdragon Sense, Qualcomm SafeSwitch, and Qualcomm Snapdragon StudioAccess are products of Qualcomm Technologies, Inc.