Qualcomm's next flagship mobile system on a chip (SoC), Snapdragon 820, will support on-device behavioral analysis,...
which the company claims will be able to detect malware.
According to Qualcomm, the feature, called Smart Protect, will provide real-time, on-device machine learning to analyze and identify zero-day malware, and even offer zero-day detection. It will also provide an API, so antimalware applications can take action on threats found. "With consumers storing more personal information on their devices, data leakage incidents and malware are on the rise," said Asaf Ashkenazi, director of product management at Qualcomm Technologies, Inc., based in San Diego. "Snapdragon Smart Protect supports deep, on-device monitoring for nearly instantaneous notifications of detected privacy violations and malicious activity, while also providing great system performance and battery life."
Qualcomm said it is working with antimalware developers, such as Avast Software, AVG Technologies and Lookout Inc., to integrate Smart Protect capabilities into mobile apps.
It is unclear, though, how many devices will take advantage of these new features, or if Android will build support for Smart Protect. Previous additions to SoC features, such as Quick Charge, have needed to be implemented by device manufacturers or software developers.
Neither Qualcomm nor Google could be reached for comment as of this publication.
Liviu Arsenesenior e-threat researcher at Bitdefender
Liviu Arsene, senior e-threat researcher for Romania-based antimalware firm Bitdefender, said this announcement potentially could mean that mobile malware has become as dangerous as PC malware, or at least that manufacturers want to build in extra security before mobile malware gets that bad.
"We've seen PC/CPU manufacturers, such as Intel, adding somewhat similar capabilities into their processors, enabling security vendors to enforce tougher security against threats," Arsene said. "Bundling machine learning algorithms with the chip does present numerous benefits -- complete system visibility for one -- but it all boils down on how accurately they can detect threats, as not to issue false positives."
Arsene also wondered how Qualcomm planned to handle the machine learning, which can be a difficult and controversial problem.
"There's much debate in the scientific community on how to train, supervise or not supervise machine learning algorithms," Arsene said. "The thing with machine learning is that you have to train it by feeding it some input, so that it has something to learn from. After it does that, it can start analyzing and clustering new input. Watching for a series of in-depth system events and relaying them via the API to a security solution is a lot better than traditional mechanisms. The trick is to allow the security solution to take appropriate actions with higher privileges."