Connected devices (IoT) are everyday devices that now come with the ability to be connected to the internet to make them smarter than regular electronic devices.
Although these features are seen as very useful, the risk of connecting these devices to the internet comes in terms of security that is so far not so tight, and this creates a new vector for hacking attacks, such as an incident where a smart toothbrush was hacked into a botnet network DDOS attack.
To solve this, the Connectivity Standards Alliance (CSA) through their Product Security Working Group has introduced the upcoming IoT Device Security Specification 1.0 framework with the Product Security Verified Mark.
The CSA security framework incorporates digital security requirements from the governments of the United States, Singapore and the European Union and takes the essential parts to form a framework that can be used by all brands of connected device makers.
Among the mandatory conditions to pass this CSA-IoT security verification include:
A unique identity number for each IoT device
The default password is unique for each IoT device
Secure storage for storing user data
Periodic announcements on IoT device security related issues
Regular software updates
Open documentation on updates and security support periods
So far, CSA-IoT says that nearly 200 technology companies, including Amazon, Arm, Google, Infineon, Signify and others have worked with them to develop this security standards framework.