Security

The IEEE Is Working on a Standardized Security Label for IoT

By Bill Toulas / May 30, 2020

As the rise of IoT (Internet of Things) devices continues, it becomes clear that something fundamental needs to change in order to help secure them. Many of these devices are intrinsically unsafe and haven’t been developed with the user’s security and privacy in mind. However, the ignorance of a large number of consumers leads to widespread problems like the hijacking of IoTs to mine crypto, or their involuntary recruiting in DDoS swarms. In an effort to raise awareness on the consumer level, the IEEE Symposium on Security & Privacy has published a prototype “security label” for IoTs.

The label is providing critical information about the security of the device, allowing the prospective buyer to figure out what data practices underpin it with a single glance. This way, the process of conducting market research before buying an IoT is greatly simplified. As shown in the sample label below, there are details about the period of support with security updates, the access control system, how the device’s vendor handles the captured video and audio data, and links and a QR code for more information.

iotlabelswil

Source: IEEE

The label’s layout needed to follow a concise form, while the contents and the type of each entry needed to be very easy to read and understand, even for those who know nothing about IoT security. For this purpose, the team that designed it consulted a diverse group of 22 security and privacy experts working in the private sector, the government, or academia. In total, the primary label and the additional information that is accessed after scanning the QR code refer to 47 pieces of security and privacy-related points about the device.

Of course, for this label to become an industry standard, the IEEE will have to convince IoT manufacturers and retailers to adopt it. Governments and legislation could help push things in that direction, just like food products are obliged to carry nutritional value labels. It is a matter of consumer safety and should be made mandatory for this reason. Even though it’s optional, people may pay a premium price to buy products that come with the IoT security label instead of picking up a cheaper but obscure one. The team is planning to conduct a relevant study, hopefully collecting data that would act as a convincing lever in the industry.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari