The IEEE Is Working on a Standardized Security Label for IoT

  • The IEEE hopes to introduce an IoT security label that will help consumers make a safe choice.
  • The label was designed to be clean and concise while conveying the info in an understandable way and form.
  • The IoT industry may be convinced to adopt this standard; otherwise, we would rely on laws or consumer pressure.

As the rise of IoT (Internet of Things) devices continues, it becomes clear that something fundamental needs to change in order to help secure them. Many of these devices are intrinsically unsafe and haven’t been developed with the user’s security and privacy in mind. However, the ignorance of a large number of consumers leads to widespread problems like the hijacking of IoTs to mine crypto, or their involuntary recruiting in DDoS swarms. In an effort to raise awareness on the consumer level, the IEEE Symposium on Security & Privacy has published a prototype “security label” for IoTs.

The label is providing critical information about the security of the device, allowing the prospective buyer to figure out what data practices underpin it with a single glance. This way, the process of conducting market research before buying an IoT is greatly simplified. As shown in the sample label below, there are details about the period of support with security updates, the access control system, how the device’s vendor handles the captured video and audio data, and links and a QR code for more information.

Source: IEEE

The label’s layout needed to follow a concise form, while the contents and the type of each entry needed to be very easy to read and understand, even for those who know nothing about IoT security. For this purpose, the team that designed it consulted a diverse group of 22 security and privacy experts working in the private sector, the government, or academia. In total, the primary label and the additional information that is accessed after scanning the QR code refer to 47 pieces of security and privacy-related points about the device.

Of course, for this label to become an industry standard, the IEEE will have to convince IoT manufacturers and retailers to adopt it. Governments and legislation could help push things in that direction, just like food products are obliged to carry nutritional value labels. It is a matter of consumer safety and should be made mandatory for this reason. Even though it’s optional, people may pay a premium price to buy products that come with the IoT security label instead of picking up a cheaper but obscure one. The team is planning to conduct a relevant study, hopefully collecting data that would act as a convincing lever in the industry.


Recent Articles

Xiaomi Looking to Deploy Massive Upgrades on the MIUI 12 Camera App

Xiaomi wants to make the MIUI 12 Camera app as exciting as it can be, and is experimenting with a set of new...

Cerberus Was Found Lurking on the Google Play Store

The Cerberus app wore the sheepskin of a Spanish currency converter app and entered the Play Store. The app followed the tactic...

The “Music Mission” Anti-Piracy Campaign Makes Stunning Revelations

The “Music Mission” has released its first findings around pirating platforms, and the size of some is startling. What is more alarming...

The Vast Majority of Home Routers Are Vulnerable in One Way or Another

Many router models that are sold in Europe are vulnerable to exploitation using known flaws. Most vendors are using unsafe securing methods,...

H.266/VVC Codec Officially Announced – Bringing Higher Quality Video While Drastically Reducing Data Consumption

Currently, the H.265 HEVC is the most popular video codec in consumer devices, processing over 90% of video bits on the global level. ...