Digital Nova Scotia member, NewAE Technology Inc. is a self-funded Canadian company that is revolutionizing the hardware security market by making every engineer and designer aware of advanced hardware security attacks, such as side-channel power analysis and glitching. NewAE Technology Inc. develops open-source hardware and software solutions for performing security analysis of embedded computer systems. They have a foundational approach to providing “security solutions” – they provide customers with the knowledge to correctly assess and validate product security, as well as the required tools and equipment to support the advancement of their security testing measures. The market traction they have achieved is a demonstration of the value of this approach – providing unparalleled transparency into the security evaluation process.
We believe every company needs to be aware of these issues, so they have created an accessible solution that is affordable, readily available, and easy to learn and operate. This approach has created a powerful marketing engine; as engineers are becoming more aware of these previously overlooked threats, they are now actively looking for effective security solutions. As a self-funded start-up, we do not have the pressure of V.C. backing, and instead prioritize our community, employees, and a sustainable future. – Hilary Taylor, CAO of NewAE Technology Inc.
Hilary Taylor, Chief Administrative Officer of NewAE Technology explains more:
Providing Affordable and Accessible Security Solutions
Most people will tell you that they have some form of software security system installed on their computer (McAfee, Norton Anti-Virus, etc.) to protect them and their information. Most people also (falsely) assume that the hardware is safe and secure because it’s inside their computer, in their home. Traditionally, people in the tech industry assumed that hardware was assuredly secure – not only due to the limitations of physically accessing the hardware but also given the astronomical costs of acquiring the type of equipment to complete these attacks. This has kept the market and the tech industry unaware of the real vulnerabilities that their products hold.
When we started in 2013, we were the first on the market providing not only affordable equipment to do these types of attacks and research, but we kept our software and the majority of our hardware open-source to ensure that the industry would have the access and knowledge, and therefore the responsibility to create secure products. This relates to devices in all aspects of our lives: chip and pin credit cards, IoT devices (Philip’s Hue Lightbulbs, connected fish tanks), the electronics in automotive (Farmers right to repair their tractors) and aerospace, and even game consoles (Playstation Vita Nintendo Switch) and electronic devices like keypad door locks.
Being at the forefront of making these tools available and accessible is what makes us unique. We have inevitably pushed for improvements in the industry, educated more developers and designers of their capabilities and responsibilities, and broadened research capabilities overall. As various industry regulations fall behind, device security is in with the lot. Consumers are presented with devices all the time which claim high-security standards, or “A+ Security”, when in fact, these claims are merely marketing terms, and are not official regulations. Regardless, the consumer feels confident and trusts that the manufacturers are building security into their devices. This is a constant discussion between silicon, security, and consumer businesses: who is responsible? who is going to pay? and what agreed-upon standard are we all going to work towards together?
We are fortunate to work with an interesting variety of companies as technology intertwines itself into so many aspects of the world. We work with businesses in over 50 countries and started selling through a reputable global distributor, Mouser Electronics, two years ago, which has helped us reach even more businesses. Our customers fall within four main categories: Educational/Research Institutions (Sorbonne, Graz University of Technology, Kookmin University), Safety and Security (UL, Lockheed Martin, Booz Allen Hamilton), Commercial (Google, NVIDIA, Nintendo), and Hobbyist.
We have been working on a tool for electromagnetic fault injection, which is capable of causing devices to perform incorrect (or unintended) operations. This area of work is exciting because it can be used for the testing of safety-critical devices in the automotive and industrial fields, but it also can be used to confirm if devices have security authentication that can be easily bypassed. Research with this device is being used to explore how we can perform more advanced testing on safety-critical devices (such as automobile ECUs) and flag potential concerns early on in the product design process.
Security tailored for everyone
We’re grateful to work in an industry that has remained stable during the pandemic. The biggest change for us has been tradeshows and conferences moving to online platforms. We really enjoy getting to interact with our customers and introducing people to the field, so conferences are a big part of our business. The experience at virtual events is not the same as in person, but with every event, we have been learning and adapting to find new ways to engage with our community and customers. Many of our customers have set up lab space in their homes to continue their research, and we have rearranged our office to ensure that everyone has their own physical space and a safe work environment.
Many researchers in the security industry are driven by curiosity, endlessly exploring how far they can push boundaries and what they can accomplish (or break). For them it’s like exploring a new land, searching the overlooked and unknown, with a goal to prove that something is achievable. Providing the tools that make these vast journeys possible is exciting to be a part of!