For those who aren’t aware, the prpl Foundation’s mission is “to build open-source carrier-grade software for service provider CPE devices.” The more detailed definition is that it’s a suite of opensource home gateway OS, high and low level APIs, application life cycle management and Wi-Fi mesh open source software. The most accessible translation is that prpl represents some of the world’s largest telecoms carriers combining with hardware and software vendors to build the equivalent of Android for the smart home.
Lead members Orange, Verizon and AT&T had progress to report in Paris. prpl Life Cycle Management (LCM) is already running on 12 million AT&T home gateways. Verizon announced it will be upgrading 10 million home gateways to prpl by the end of next year. Having launched in Jordan earlier this year, Orange stated that its second launch is upcoming in Morocco. Planning is also underway for evolving the company’s installed base of home gateways in France. Vodafone and T-Mobile speakers spoke at the summit too. They’re using the rival RDK-B OS for their home gateway products, albeit both operators are integrating prpl LCM into that.
The prpl Foundation had some new members to celebrate, namely KPN, TIM, Telenor and Turk Telecom. A presentation by Bell Canada nevertheless gave some useful context as to the amount of time telcos can take to align the various parts of their organisation around a new agile technology deployment and commercial delivery model. The process of joining prpl began in 2022 when the idea was first put forward internally. It only concluded earlier this year when a budget to join was finally allocated.
HardenStance’s interest in prpl arises from the potential it offers to harden the cybersecurity of home gateways and home networks as well as to harden telco networks more broadly. Home gateways are vulnerable to cyber threats that come in directly from the Internet as well as those that are generated by insecure IoT ‘things’ in the home. Cybersecurity apps on home gateways protect them and the smart home devices that connect to them against those threats. Among the applications that telcos and their consumer customers are most keen to deploy on home gateways, cybersecurity and Wi-Fi optimisation apps are invariably the top two.
Going into this year’s prpl Summit, Bitdefender and F-Secure were the only two cybersecurity vendors with a generally available (GA) cybersecurity app for prpl. Bitdefender’s is going live soon with Orange in Morocco. There was good news in Paris with Cujo AI confirming that it’s prpl compatible security app will be GA from the end of this year. Cujo AI is converging with the prpl ecosystem, having already built up a very strong position in the RDK-B market with a number of deployments in North America as well as with Deutsche Telekom and Sky in Europe. Sam Seamless Network and Allot Communications are close to having a prpl product that’s GA. Nagra’s Kuldelski Group also has one in its roadmap, although it’s not likely to be GA before sometime in 2026. Altogether, this means that a few months from now, there could be as many as six prpl-compliant cybersecurity apps for telcos to choose from.
HardenStance supports the prpl ecosystem because it enables telecom operators to deploy advanced, open source cybersecurity software to protect smart homes more quickly, at scale, and with lifecycle management that enables frequent security updates. It’s for that reason that it’s important to point to next steps the prpl ecosystem should be taking.
The departmental interest in a telco that is typically represented within prpl is the consumer product or consumer services organisation. Consistent with the end goal of making it the ‘Android of the home’, telco participation in prpl is almost entirely driven by revenue acceleration or monetisation. At this point in prpl’s evolution, cybersecurity apps are just another ‘value added service’ that telcos can charge extra for. That’s okay as far as it goes.
But as well as protecting a householder’s home network, prpl has potential to significantly improve a telco’s own network and network security operations. Misbehaving smart devices in the home are often enslaved by botnets. As well as putting householders themselves at risk, these devices spew malicious traffic out from the home into the telco’s network, destined for the malicious C2 servers that control them. This enables cyber-attacks on other targets and negatively impacts the telco’s IP reputation among peers. It also cloggs up a telco’s network with malicious traffic, risking network and service degradations and even full scale outages. This becomes a still greater challenge as telcos roll out fixed wireless access (FWA). That’s because mobile networks are more resource constrained and are not used to supporting connected (and infected) smart home devices.
Telco network and network security operations teams are currently not showing enough interest in prpl. That’s holding back additional resources from being invested in the ecosystem. Admittedly, there is a bit of a ‘chicken and egg’ situation here. Operations teams need more granular visibility into household traffic in order to justify contributing in some way to securing the home gateway; but the obvious solution to serving up that data is to already have a security app on the gateway. This is another variant of the departmental alignment challenge shared at this year’s summit by Bell Canada. If telcos want to improve the security of their networks at the same time as they use security to grow smart home revenues, they can certainly carry on following the money. But they do need to take the next step and start following all the money.
This article is written by Patrick Donegan, the founder and principal analyst at HardenStance.
Comment on this article via X: @IoTNow_ and visit our homepage IoT Now
