Unfortunately, you can’t avoid it. Between us and our digital intent sits a device that interprets input in the form of sound and gesture and emanates a response with sound and light. No matter how perfect the cryptography, if the machine tells us, “Yeah, I did what you asked,” we can only trust that it is correct.
That trust is built on physics, reputation and brand. People can track physical objects and choose from whom we purchase them. A device procured from a reputable manufacturer is likely to act as advertised. Even so, a diligent user will only extend confidence after observation.
That trust is bilateral. While users need to trust that their devices are properly executing an instruction, a service provider needs to trust that a device communicating on behalf of a customer is doing so honestly. However, without cryptographic primitives embedded in hardware, there is no real bridge between the physical object and its communications with the internet.
A device must be able to unequivocally assert that it is the same device it was before, in order to develop a trusted link between a person and a network. Therefore, hardware-based security is more important than ever.