ETH spin off increases smartphone security with private domains
ETH spin-off Soverli is bringing a new smartphone architecture to the market. The technology allows areas on a device to be sealed off – such as for secure chats, crisis communications, or sensitive data belonging to companies and public authorities.
In brief
The isolated areas – known as domains – operate independently of one another and have separate access to memory, sensors and hardware.
This is possible thanks to a controller, developed by ETH researchers, that can create domains, switch between them and regulate access to the hardware. The controller is independent of the operating system.
The source code for the central controller is deliberately streamlined to ensure user security.
Smartphones are our go-to device for all sorts of things: Zoom meetings in the morning, the family chat, access to bank accounts, photos of children’s birthdays – the list goes on. They make everyday life more convenient but leave their users dependent on them and vulnerable to attack at the same time.
The reason for this is that the multitude of functions on smartphones make their operating systems very complex – and the bigger and more complex the software, the bigger the target. When it comes to the security of their data, users therefore have no choice but to blindly trust that there are no loopholes or errors in the millions of lines of code from smartphone manufacturers and operating system (OS) providers.
Devices would be more secure if they could do very little and contained only as much code as necessary for the respective functionality. This is not very practical in everyday life, however, as no one wants to carry around multiple slimmed-down devices.
Creating private domains
Computer scientists from the groups led by ETH Professor Srdjan Capkun and ETH Assistant Professor Shweta Shinde have therefore developed a new software architecture that can divide a smartphone up into several isolated domains that are completely independent of one another. They will present the corresponding external page scientific paper at a major Cryptographic hardware conference in October 2026.
Now, the two post-doctoral researchers Ivan Puddu and Moritz Schneider have founded the spin-off Soverli, which is bringing smartphones of this kind to the market.
The special thing about these phones is users can switch between different areas on their devices that are completely isolated from one another at the touch of a button. These “domains” can host apps or separate operating systems that run independently of the actual OS and with separate access to memory or sensors.
This gives rise to sovereign areas on the phone that the operating system cannot read, offering users full control over their data.
Puddu says: “The hard part was isolating these domains completely and allowing users to switch between them without sacrificing user-friendliness.” Soverli has found a solution to this and recently patented it.
Reorganised access to hardware
Standard smartphones are not made for this approach. Their software is hierarchically structured into four levels, with software on privileged levels able to control software on less privileged levels and read its data, but not vice versa. Among other things, access to hardware components such as the microphone, camera, fingerprint reader and location services, as well as the touchscreen and memory, is controlled at the highest level.
Accordingly, in order to divide a smartphone into multiple isolated units, the researchers first had to develop a controller that was independent from the device manufacturer and operating system and that could create the domains, switch between them and control access to the hardware components.
Existing security solutions do not provide these capabilities. Although they can move security-relevant processes such as payments or the use of a fingerprint sensor into protected hardware environments, their code is only visible to the device manufacturers. Independent developers and users therefore have no choice but to trust them.
Secure chats and independent emergency communication
There are numerous potential applications for the smartphones from Soverli. One obvious example is to create a domain for a secure messaging app.
However, the protection of personal data is just one of Puddu and Schneider’s aims. The new architecture is also an exciting development when it comes to communication in crisis situations. Emergency service organisations could use secure domains in conjunction with a separate emergency mobile network for communication. Systems of this kind are more secure if they are independent of foreign device manufacturers and standard operating systems. Authorities are therefore high on the list of potential customers for Soverli, in addition to business customers with special requirements.
Soverli sells software licences
Puddu and Schneider are currently focusing on selling software licences to device manufacturers. They are also supplying some companies with devices containing pre-installed domains.
At present, Soverli does not sell software directly to private users – primarily because the spin-off has only just been founded. However, the founders say that they could certainly envisage doing so if a suitable partner is found. The demand for devices of this kind could also grow among private individuals, says Puddu: “Awareness that we shouldn’t be as dependent on the big tech companies is growing by the day.”
Reference
Groschupp F, Kuhne M, Schneider M, Puddu I, Shinde S, Capkun S: It's TEEtime: A New Architecture Bringing Sovereignty to Smartphones. To appear in external page CHES 2026. Doi: external page 10.48550/arXiv.2211.05206