Mike de Senna

March 22nd, 2011

Top Five Things Every Device Developer Needs to Know About Security

With the growing interest in machine-to-machine (M2M) devices and connectivity, enterprises today are looking to capitalize on opportunities presented by this trend. At the same time, developers face challenges related to new device development, as many industries require components that ensure that devices are fully protected against external security threats. From preventing data from being manipulated and/or modified, to ensuring no security holes are present, it is critical that new devices provide this added level of security and assurance. This is especially critical for companies in the financial, pharmaceutical and metering industries, where data breaches or modifications can result in costly penalties and fines.

Bug Labs and Pitney Bowes developed BUGsecure to help enterprises eliminate these common security risks and develop new devices they can trust to protect sensitive data. BUGsecure consists of the Bug Labs BUGbase 2.0 with an embedded tamper-responding security chip from Pitney Bowes, and it enables cryptographic processing, a secure time source, transaction management, remote security lifecycle management, and third party server validation. BUGsecure is compatible with 3G and 4G mobile development platforms, as well as standard Bug System modules. As a result, companies are able to develop new, secure M2M device innovations quickly and affordably.

To help device developers kick-start their innovations with confidence, the following is meant to serve as a guide:

  1. What are the top things that I, as a developer, should be concerned with regarding device security?
    • Malware – Viruses, trojans and other malicious threats are widely known to infect computer systems. However, with the proliferation of mobile devices, hackers and other criminals have developed new tactics to execute malicious software on mobile devices. Given that many mobile phones function akin to computers, the information contained within them becomes much more valuable, and criminals are looking for better and more efficient ways to get your information.
    • Users Tinkering with Applications – On mobile devices in particular, it is easy for users to go in and change or reduce the security settings inherent on the device. This occurs in two ways:
      1. Non-malicious – This occurs when a user either knowingly, or unknowingly, goes into the application setting on their mobile devices and changes something that results in a reduction of security on their system.
      2. Malicious – This often occurs when a user is able to obtain codes that are able to unlock phones, modify software and cause potential damage to the device and the information contained within it.
    • Remote Devices – Remote devices present risks to the enterprise. Not only is it a challenge to manage multiple devices in a fleet, but ensuring the security of these devices is critical. Devices go as far as their users carry them, and in some cases, this means to non-password protected Internet connections, where devices can be vulnerable to attacks.
    • Ability to Modify Application Data – Another major security risk occurs when mobile device application data is modified by the user for malicious purposes. This happens when someone is trying to save money, reduce a charge, or create fraudulent information within an application.
    • Wide-scale Distribution – The “share-ability” enabled by the Internet can be both a blessing and a curse. In the case of mobile security, it is often a curse. With just a few simple keystrokes, a hacker has the ability to mass-distribute code that has been used to “crack” into mobile devices and their operating systems.
  2. Wide-scale distribution of “cracked” codes has always been a reality for companies. How does BUGsecure play into this? How does it make a difference?
    • There are essentially 4 levels (that increase in complexity) at which a mobile device attack can occur:
      1. A hacker is able to manipulate software on the mobile device.
      2. That same code is mass-distributed (via the Internet). More eyes equals more opportunity to do more of the same damage to mobile device software.
      3. A hacker physically manipulates the mobile device to get the information needed (e.g., cutting wires). The process is effective, yet slow, as it is a one-at-a-time effort for hackers.
      4. At this level, the hacker must not only manipulate both the software AND the hardware, but must also face encryption and authentication challenges. These elements make it nearly impossible to obtain data and/or manipulate the device further. This is the level at which BUGsecure operates.
  3. I’m already taking adequate security precautions. Why should I consider BUGsecure?
    • Managing secure devices is not an easy task. Even the best security mechanisms, such as algorithms and cryptography, can falter if not managed adequately.
    • The key to getting ahead of the curve is having the foresight to develop new wireless devices with security in mind from the start. Too often, security is implemented mid-way through the development process, or is implemented after a product has been developed.
    • With BUGsecure, common mass-distribution-based threats are eliminated. The tamper-responding security chip from Pitney Bowes that is embedded into the BUGbase 2.0 provides cryptographic processing, a secure time source, transaction management, remote security lifecycle management, and third party server validation.
    • When developing new wireless devices, the security features within BUGsecure also allow you to utilize real data in a prototyping situation, enabling you to implement a better security design within the new device as a result.
    • In addition, using BUGsecure in an enterprise environment can help free up time spent on managing security on a day-to-day basis. Instead of purchasing a library and dedicating valuable team resources to implement security features, BUGsecure delivers all the security needed upfront, with no further implementation needed.
  4. Why is BUGsecure new and exciting for the market? What challenges does it address for your target markets?
    • This is the first time that a physically secure, tamper-responding hardware security solution has been tightly integrated into a mobile application development platform. The unique combination of security with mobility and a trusted, scalable infrastructure will enable many new accounting, payment, tracking, communications, and authentication solutions.
    • The availability of trusted messaging from a mobile device with a lower barrier to entry than ever before will enable new business models for existing applications.
    • The availability of a proven security solution in a platform that supports rapid prototyping will enable designers to build solutions with security integrated from the very beginning. Instead of adding security capabilities as an afterthought, you will now be able to include scalable and configurable security from the very beginning of your prototyping process and trial deployment process.
  5. What is the basic functionality of BUGsecure?
    • This is the first time that a physically secure, tamper-responding hardware security solution has been tightly integrated into a mobile application development platform. The unique combination of security with mobility and a trusted, scalable infrastructure will enable many new accounting, payment, tracking, communications, and authentication solutions.
    • The new version enables critical security capabilities including secure authentication, secure communication, secure audit trail, and secure accounting. These features are enabled using industry standard encryption and digital signatures built on a robust and scalable key management and device management infrastructure. This powerful combination of features forms a complete solution for security life-cycle management.

December 22nd, 2010

Bug Labs Takes Vegas!

With 2010 coming quickly to a close, that can only mean one thing (and I’m not talking about half-hearted New Year’s resolutions) – it’s CES season!

Each year, companies from all over the world gather in the desert to preview some of the most cutting-edge consumer technology innovations. For the past several years, Bug Labs has been lucky enough to participate, and the 2011 event will be no different. This year, we will be showcasing our Bug System at the Verizon Wireless booth (#35216) in the South Hall of the Las Vegas Convention Center.

The last half of 2010 was a busy one. In case you missed it, Verizon Wireless announced in September a relationship with Bug that allows product designers and software engineers to build, program and deploy new wireless devices on the Verizon Wireless network using the Bug System, without requiring additional wireless certifications. We also made similar announcements with AT&T and Sprint in 2010, further helping companies create Internet-connected devices, or the “Internet of Things,” quickly and affordably.

To all of our loyal customers, devout Bug Labs fans, and those that simply want to get to know us better, we’d love to meet with you in Las Vegas. Here are a few ways that you can connect with us:

  • 2011 AT&T Developers Summit – Before the excitement of CES begins, Peter Semmelhack, founder and CEO of Bug Labs, will be presenting in a session titled “AT&T Developer’s Toy Box.” The session will be held on Wednesday, January 5th from 3:20-4:00pm at the Palms Casino Resort.
  • CES Exhibition Hall – We’d love to have you stop by our pod at the Verizon Wireless booth (#35216). As an added bonus, if you’re new to Bug Labs, we’ll have coupons available for first-time customers. We’ll be busy conducting demos of the Bug System and will be on hand to answer any questions you might have.
  • Call us directly! – Interested in grabbing a coffee or some after-hours cocktails? We’d love to join you! You can reach me and the rest of the Bug team by emailing mike [at] buglabs [dot] net.

I have no doubt that 2011 will be a year filled with much opportunity and promise for companies that are looking to create custom, networked devices. We look forward to going on this ride with you.

See you in January!