- The IEEE hopes to introduce an IoT security label that will help consumers make a safe choice.
- The label was designed to be clean and concise while conveying the information in an understandable form.
- The IoT industry may be convinced to adopt this standard; otherwise, we would rely on laws or consumer pressure.
As the rise of IoT (Internet of Things) devices continues, it becomes clear that something fundamental needs to change in order to help secure them. Many of these devices are intrinsically unsafe and haven’t been developed with the user’s security and privacy in mind. Meanwhile, a large number of consumers are unaware of the risks, which leads to widespread problems like the hijacking of IoT devices to mine cryptocurrency, or their involuntary recruitment into DDoS swarms. In an effort to raise awareness at the consumer level, the IEEE Symposium on Security & Privacy has published a prototype “security label” for IoT devices.
The label provides critical information about the security of the device, allowing the prospective buyer to figure out at a single glance what data practices underpin it. This way, the process of conducting market research before buying an IoT device is greatly simplified. As shown in the sample label below, there are details about the period of support with security updates, the access control system, how the device’s vendor handles the captured video and audio data, and links and a QR code for more information.
The label’s layout needed to be concise, while the contents and the type of each entry needed to be very easy to read and understand, even for those who know nothing about IoT security. For this purpose, the team that designed it consulted a diverse group of 22 security and privacy experts working in the private sector, the government, or academia. In total, the primary label and the additional information that is accessed after scanning the QR code cover 47 security and privacy-related points about the device.
Of course, for this label to become an industry standard, the IEEE will have to convince IoT manufacturers and retailers to adopt it. Governments and legislation could help push things in that direction, just like food products are obliged to carry nutritional value labels. It is a matter of consumer safety and should be made mandatory for this reason. Even though it’s optional, people may pay a premium price to buy products that come with the IoT security label instead of picking up a cheaper but obscure one. The team is planning to conduct a relevant study, hopefully collecting data that would serve as a convincing lever for the industry.