Connected objects are becoming more and more common, as is cybercrime. So, to easily spot companies that play the security game, there’s nothing like a new standard.
Ovens that start on their own, surveillance cameras that monitor you without your knowledge or robot vacuum cleaners that start outside of their program. No, this is not a passage from an episode of Spirou or Black Mirror, but a real risk for millions of users.
Indeed, every connected device in your home is an additional foothold for bad actors. But don’t panic, a new standard should allow you to sleep soundly by the end of the year.
A specification to guide consumer purchasing
We don’t pay much attention to it anymore, but our electronic devices are covered with logos of various standards and other norms, usually on their packaging, but also on themselves. While some will say that this is only the result of complex and laborious administration, above all they are excellent tools to allow consumers to know what they are buying.
This is what the Connectivity Standards Alliance (CSA) wishes to bring to the level of cybersecurity of connected objects. Supported by more than 200 companies, including Google, Amazon, Signify and Arm, the organization has just announced the implementation of the Product Security Verified (PSV) standard in its first version.
Manufacturers wishing to comply will have to meet precise specifications and submit their products to an approved laboratory. The CSA requires, among other things, that sensitive data on devices be secure, that security updates be deployed throughout their support, and that they do not have hard-coded passwords. The list is expected to grow over time, so the standard will evolve with the appearance of future studies by the working group that created it, but also with the appearance of new threats.
“ Research continually shows that consumers consider security an important purchasing factor “, explains Eugene Liderman, director of mobile security strategy at Google, at The Verge. “ Programs like this will give them a simple, easily identifiable indicator to look for. »
A serious certification, but still perfectible
To avoid fraud, a QR code will allow “ consumers to access more information about the device’s security features », Explains the CSA in a press release. In addition, the organization will make available a database of products it has certified, and make it accessible to home automation services such as Google Home, allowing them to view cybersecurity information during installation of a new connected object.
Each certified product will have to undergo a new battery of tests after three years, so that the PSV standard corresponds as closely as possible to current CSA specifications. However, according to Tobin Richardson, executive director of the organization, businesses still win. This certification is on track to be recognized globally, which will simplify compliance with regulations in multiple countries in a single step. Indeed, it is a clever mix of security standards established by different governments around the world. And, if only Singapore has officially recognized it for the moment, the United States, the European Union and the United Kingdom should follow suit.
According to Steve Hanna, a cybersecurity researcher who chaired the working group behind the PSV, it is far from perfect, and he would like to incorporate other elements. However, ” It’s a big step forward to have global safety certification “, he declares. “ It’s so much better than not having it. » For his part, Liderman insists that this standard does not guarantee that a device is free of vulnerabilities.
Products already on the market will be able to pass the CSA battery of tests and obtain certification. According to Richardson, bulbs, switches, thermostats and even surveillance cameras already present in your home could be PSV certified by the end of the year.
Source : The Verge
1