Smart home and IoT devices are amazing. But, they’re definitely not without security risks. That’s why the UL IoT Security Rating was created. And yes, these standards are created by the same UL organization responsible for safety ratings on millions of products you use every day. The organization’s goal has always been to “make the world a safer place.” With IoT continuing to grow, this is yet another area that needs more checks and balances to make the world safer.
What is the UL IoT Security Rating?
Even though you’re probably using IoT or smart home products in your home, you can’t always count on them to be secure. Of course, it’s not just personal devices that are problematic. Even medical devices have been hacked, putting lives at risk.
The UL IoT Security Rating seeks to measure the security levels of connected products. Each of the five levels has to meet specific security guidelines. Manufacturers that wish to become UL verified must prove their product(s) meet the necessary standards.
While IoT manufacturers don’t have to become UL verified, it’s a way for consumers to know whether the product they’re buying has any verified security features and exactly how secure the device is.
Another benefit is that every UL-verified product features a unique identifier. You can check the integrity of the rating by entering the identifier number on Verify UL. Every rating has an expiration date, which can be renewed. You can check whether the rating is still valid to see if it still meets current security standards, which will change and adapt as technology and hackers evolve.
The Five Security Levels
There are five UL IoT Security Rating levels. These range from Bronze to Diamond with Bronze being the least secure. However, to even reach Bronze, connected devices must demonstrate some basic cybersecurity protections to keep users safe.
Each level adds additional standards, ensuring that any products that reach Diamond level are some of the most secure connected devices you can buy. Of course, you should always remember that hackers are determined, and no device is completely secure as long as it’s connected to the Internet. Plus, some security measures fall on the user, too, such as choosing more secure passwords and ensuring the home or business network is secure as well.
Diamond – Most Secure
The Diamond level has three main criteria that help these products stand out. First, data is stored to help keep a user’s identity completely anonymous. Any connected device will store data, but it shouldn’t lead back to you. Otherwise, hackers immediately gain access to your identity during a hack.
Devices are also able to detect malicious code injections and prevent the device from being altered. Finally, the device prevents multiple failed login attempts, making it nearly impossible for hackers to simply guess your password before being locked out.
Under the Platinum rating, devices have been thoroughly tested against any known cybersecurity threats. Note, this is “known” threats, not potential new threats. However, firmware and software updates can keep the known threats updated.
There’s also malware protection. The code on connected devices won’t accept unknown code.
As a final precaution, users must re-login regularly to avoid a hacker being able to piggyback off a login and stay connected to a user’s network.
Gold – Moderate Security
The Gold UL IoT Security Rating ensures all transmitted data uses the latest industry-leading encryption standards. Plus, devices are optimized with the best security settings without any real user intervention, outside of setting a password, of course.
The final standard also protects connected device apps. After all, if the app is hacked, the device can be hacked.
Silver isn’t necessarily reserved for the most secure devices. While devices must be monitored for security issues and maintained to protect users, there aren’t any real protections in relation to user data. However, users must be informed about all data collected along with how it’s used and stored. Users must consent in order for data to be collected, but not consenting will limit the usability of the device.
Finally, any areas, such as device settings, that contain personal information must include authentication methods to protect the information.
Bronze – Least Secure
Bronze devices only have the most basic security precautions. These devices don’t have pre-programmed passwords for hackers to exploit. Security updates must be verified before being installed to prevent malicious updates from being installed. Also, the reset button must securely delete all stored information completely.
Relying on UL
While the UL IoT Security Rating isn’t perfect, it’s a start toward holding the industry more accountable. Plus, it finally gives users a way to verify at least some security features before buying.
Images credit: UL Identity Management and Security