Many homes in the US are brimming with smart home gadgets, which is nice for convenience but less so for security. Smart home and “internet of things” (IoT) devices are known to have security issues, and the US government is taking notice. Starting next year, a cadre of government agencies will begin a program modeled on Energy Star to label products that are found to meet certain security standards.
The White House announced the move following a meeting with device manufacturers like Google, Samsung, and Amazon, as well as representatives from consumer product associations. In attendance on the government’s side were FCC chairwoman Jessica Rosenworcel, National Cyber Director Chris Inglis, and White House cyber official Anne Neuberger. This follows an announcement in 2021 that the White House had directed the NIST and FCC to explore a pilot program for cybersecurity labels.
This is not simply about keeping your home network safe — IoT vulnerabilities can have security impacts on the internet as a whole. They can allow online criminals to take over devices which they then use to launch denial of service (DoS) attacks on websites and services, including those run by the government.
Initially, the labels will focus on devices that are considered the most potentially dangerous, like routers and security cameras. If either of those devices is infiltrated, an attacker could gather vast amounts of information and spy on a household. The program will later expand to more IoT devices, even the simplest of which can provide an attack surface for someone to gain access to your home network. Surely smart speakers will be on the roadmap — these devices are supposed to key on specific wake phrases, but they could be used to listen in on anything if compromised by a serious security flaw.
The labeling program will be overseen by the National Institute of Standards and Technology (NIST) and the Federal Trade Commission (FTC), which will work to develop standards that will be used to test smart home gadgets. The labels will be “globally recognized,” whatever that means. For people who are looking to purchase a product covered by the labeling scheme, there will be a barcode you can scan to get details about the evaluation standards, data encryption/security, and protection from vulnerabilities.
Now read:
- In Buying Roomba, Amazon Increases Its Presence in Your Home
- The Matter Smart Home Standard Launches, Promising Cross-Brand Compatibility
- Researchers Hack Smart Speakers with Lasers