How vulnerable are smart home devices to hacking?
IoT devices, from smart light bulbs to voice-activated assistants, are increasingly prevalent in households, despite growing reports of their susceptibility to hacking.
UL has introduced the IoT Security Rating program at CES, a new effort to measure the vulnerability of IoT and smart devices to hacking.
What is UL IoT Security Rating?
While you can use many smart or IoT products in your home, you can't always trust them. Personal devices aren't the only ones with issues; even medical devices have been hacked, posing life-threatening risks.
UL IoT Security Rating aims to measure the security level of connected products. Each of the 5 rating levels must meet specific security principles. Manufacturers seeking certification must demonstrate their products meet these required standards.
While IoT manufacturers aren’t required to be UL certified, it's a way for consumers to know if their purchased products have verified security features and the exact level of device safety.
Another benefit is that every UL verified product has a unique identification number. You can check the integrity of a rating by entering the identification number at https://verify.ul.com/. Each assessment has an expiration date and can be renewed. You can check if a rating is still valid to see if it meets current security standards (which adapt as hackers and technology evolve).
5 Security Levels
UL IoT Security Rating has 5 levels, from Bronze to Diamond (Bronze being the least secure). However, even to achieve a Bronze rating, connected devices must demonstrate some basic cybersecurity measures to ensure user safety.
1. Diamond Level - Highest Security
The Diamond level has 3 main criteria. First, data is stored to maintain complete anonymity, preventing hackers from accessing your identity in a hack.
Devices can also detect malware injections and prevent device tampering. Finally, devices are locked after multiple failed login attempts, making it nearly impossible for hackers to guess your password before the device is locked.
2. Platinum Level
Under the Platinum rating, devices are thoroughly tested against all known cybersecurity threats. Note that these are known threats, not potential new threats. However, firmware and software updates can keep known threats updated.
It has anti-malware protection features. Code on connected devices won’t accept unidentified code.
The final preventive measure is that users must log in frequently to prevent hackers from taking advantage of login and maintaining network connections with users.
3. Gold Standard - Adequate Security
UL IoT Gold security rating ensures all data transmitted uses top encryption standards in the industry. In addition, devices are optimized with the best security settings without any real user intervention, other than setting a password.
The final standard protects connected device applications. Ultimately, if an application is hacked, the device can also be hacked.
4. Silver Standard
With this rating, although the device monitors security issues and maintains protection for users, there is no real protection regarding user data. However, users are informed about all data collected, along with how it is used and stored. Users must consent to data collection, as declining consent will limit the device’s usability.
Finally, any area, such as device installation, containing personal information will include authentication methods to protect information.
5. Bronze Standard - Least Secure
Bronze-level devices only have basic security precautions. These devices lack pre-programmed passwords for hackers to exploit. Security updates must be verified before installation to prevent harmful updates from being installed. Additionally, the reset button will completely erase all stored information.
