Within the segment ofInternet of Things, it is increasingly crucial to ensure you use secure devices. Users are increasingly complaining about incidents due to the presence of vulnerabilities in products IoToften exploited by bad actors and cyber criminals.
The CSA consortium (Connectivity Standards Alliance), which develops the Matter smart home standard, announced the launch of the specifications on March 19, 2024 IoT Device Security 1.0. This is a new point of reference for the security of IoT devices, also thanks to the related certification program “Product Securityβ that accompanies it.
The PSV sticker (Verified Mark) to certify secure IoT devices
Device manufacturers that meet the specifications established by CSA and have completed the certification process can apply the PSV brand (Product Security Verified Mark) on their devices. So, if the security camera or smart light bulb you intend to purchase “shows off” the PSV label, you can be sure that the product has passed rigorous tests and offers sufficient guarantees against external attacks.
In fact, at least until today, there were no agreed standards or methods for evaluate the level of security of IoT products. The CSA initiative aims to establish a unified standard for IoT cybersecurity and a certification programproviding manufacturers with a one-stop solution to attest to the quality of their devices, allowing them to more easily comply with various international regulations and standards.
The checklist to verify the security of IoT devices
The IoT Device Security Specification 1.0 integrates dozens of provisions having to do with the safety of each product. Manufacturing companies are required to demonstrate thecompliance with the requirementsproviding evidence to support the technical solutions adopted and the application of best safety practices.
Among the highlights of the requirements set by CSA, there are the following:
- Assignment of a unique identifier for each IoT device.
- No password hardcoded in the programming code.
- Secure storage of personal data and confidential information on your device.
- Secure communications of safety-relevant information.
- Secure software updates throughout the support period.
- Secure development process, including vulnerability management.
- Public documentation of safety-related aspects.
The benefits of having shared specifications
CSA specifies that nearly 200 member companies, including Amazon, ARM, Comcast, Google, Infineon Technologies AG, NXP Semiconductors, Schneider Electric, Signify (Philips Hue and WiZ) and Silicon Labs, have collaborated by bringing together related technologies, expertise and innovations. The work carried out has allowed us to reach the “shared recipeβ contained in the IoT Device Security Specification 1.0.
By consolidating multiple international regulations into a single set of requirements, the certification program helps manufacturers meet criteria set across multiple countries or regions by performing a single overall assessment.
Including a broad spectrum of smart home devices such as light bulbs, switches, thermostats, doorbell cameras and more, the certification program establishes minimum requirements for IoT devices.
A printed URL, hyperlink, QR code or a combination of these representations affixed to the PSV sticker offers consumers the ability to access additional information about the security features of each device.
When will the first products with the PSV sticker arrive
CSA CEO Tobin Richardson said the PSV brand was created based on requirements from various government agencies and government-approved programs. He further hypothesized that products with the PSV brand they could appear as early as the end of 2024.
βFor companies that focus on the safety of their products, affixing the PSV mark is a way to differentiate yourself from competitorsβ, added the CEO of CSA, whose board of directors includes representatives of companies such as Allegion, Amazon, Apple, ASSA ABLOY, Comcast, Espressif, Eve by ABB, Fortune Brands, Google, Haier, Huawei, IKEA, Infineon Technologies AG, The Kroger Co., LEEDARSON, Legrand, LG Electronics, Lutron Electronics, Midea, Nordic Semiconductor, NXP Semiconductors, OPPO, Resideo Technologies, Samsung Electronics, Schneider Electric, Siemens, Signify (Philips Hue and WiZ), Silicon Labs, Somfy, STMicroelectronics, Tuya, Verizon and Wulian.
In another article we also recalled the importance of setting up an offline smart home solution: this means freeing yourself from closed ecosystems of many manufacturers and follow the trail of the “Matter philosophy” which seeks maximum interoperability between devices vendor completely different.