New International Standard Aims to Make Smart Technology Safer and Less Creepy

You might be surprised to learn that there is a certified brain trust dedicated to making online life better for all of us. This group, the Connectivity Standards Alliance (CSA), is made up of virtually every major Internet of Things company, and its goal is to create standards that all smart technology vendors will adhere to. In theory, this should lead to a better and more consistent experience for consumers.

For example, CSA is the group responsible for the Zigbee and Matter standard , which is a set of parameters that smart technologies can and should subscribe to in order to make all products compatible with all multi-system hubs and hopefully eliminate the need for separate hubs and applications for each system.

In addition to improving the performance of smart technologies, CSA is working on their security. To that end, this week the CSA announced a new international security standard for smart home technologies.

Smart home products combat security stigma in the face of attacks

It’s hard to ignore the bad reputation smart security systems have acquired over the past few years. Breaching has been reported at major brands like Eufy and Wyze , and last month it was reported that Wi-Fi jammers are causing additional problems for wireless security systems.

It’s not just security devices that are at risk: if your Wi-Fi can be hacked, so can your robot vacuum cleaner, your smart speakers, and your smart toaster (you could say that’s an argument against having a smart toaster , but that’s only because you don’t have it yet). If an attacker is able to remotely turn on your smart heater or turn off your smart refrigerator, they can cause serious havoc. In theory, uniform safety standards should make this task more difficult.

Certification standards can help reassure consumers

In a press release, CSA CEO Tobin Richardson said that by consolidating and unifying disparate international standards, the “Product Safety Certification Program… provides manufacturers with a unique and respected opportunity to certify their devices worldwide.” If all goes according to plan, this should lead to better and safer smart home devices across the board.

However, the new standards seem to only cover the US and UK for now, so calling them “global” seems a stretch. The press release outlines the Matter, Zigbee and Product Security specifications and requires the following certification requirements:

  • Unique identification for each device

  • There are no hard-coded default passwords.

  • Securely store sensitive data on your device

  • Secure transmission of security-sensitive information

  • Secure software updates throughout the support period

  • Secure development process, including vulnerability management

  • Public security documentation, including support period

Manufacturers can go through the certification process if they adhere to the standard, and if they pass, their products will receive a “Product Safety Verification Seal,” which will tell consumers that the device can be trusted as relatively safe.

We hope that the participation of major brands will lead to widespread adoption

The CSA formed a Product Safety Working Group with more than two hundred member companies, including Amazon, Arm, Comcast, Google, Infineon Technologies AG, NXP Semiconductors, Schneider Electric, Signify (Philips Hue and WiZ), and Silicon Labs. What’s notable about this group and the standard it created is that while the Matter and Zigbee recommendations include the security of the protocols themselves, the new security standard applies to the products themselves and can be adopted by products that do not have Matter or Zigbee.

New standards are a good start

These standards are a fairly simple set of requirements and, in particular, resemble the version 1.0 security standards under which they are labeled. It’s good to have a background and be aware of the challenges the industry faces, not to mention the stigma that has arisen among some consumers regarding smart technology. I hope that this announcement is just the beginning of the process of creating truly strong, virtually global standards that actually address the issue of product safety.

At the same time, I can’t ignore the crude implementation of Matter, which also sought to standardize smart technology security among manufacturers. They were initially touted as almost the same global standard, but for connectivity protocols rather than products, and you’d be hard-pressed to find anyone in the tech world impressed by the level of adoption.

Instead of delivering on the promise of eliminating the need for multiple hubs and third-party applications, companies that initially promised to support the Matter standard have been slow to implement it into actual product releases. Just this week I reviewed a light that requires a Zigbee hub to provide Materia support, defeating the whole point of Materia being supposed to free you from hubs entirely. I hope this new safety standard will be better.

More…

Leave a Reply