An IoT Device Has Finally Passed the CTIA’s Cybersecurity Certification Program’s Rigorous Standards
Now we just have to hope many more will follow suit.
Join the DZone community and get the full member experience.Join For Free
Introduced back in August of last year, the IoT Cybersecurity Certification Program sought to encourage the adoption of better security features in cellular-connected IoT devices. And now almost six months later, a manufacturer has finally managed to meet the hefty requirements.
HARMAN Spark, an aftermarket connected car device offered exclusively through AT&T, underwent testing at one of the CTIA’s authorized labs.
Citing this development as “a milestone” for the association’s fledgling program, Senior VP and CTO Tom Sawanobori confidently stated in a press release that the “program and its authorized labs will play a key role in protecting consumers and our wireless networks.”
Indeed, as experts at this year’s RSA security conference pointed out, companies continue to struggle when it comes to securing their IoT devices. “In IoT, it seems like everyone is just trying to ship out their device,” said Checkmarx researcher Erez Yalon. “And then, yes, we see the same old mistakes again and again. Man-in-the-middle is just one of them. When you have the device constantly on you that knows everything you do, knows where you are, this may be a problem.”
Despite the availability of modules like Telit’s WL865E4-P, which allow manufacturers to securely (not to mention energy efficiently) connect their smart devices, keeping prices as low as possible is often the biggest determining factor.
In a piece for InfoWorld, Deloitte’s Chief Cloud Strategy Officer David Linthicum echoed this sentiment. “I live in fear that IoT devices will be exploited by hackers given the poor or nonexistent security so many have. You need to consider security before you purchase IoT devices, and you need to be willing to pay for that security,” he said. “Opt for $50 low-power Bluetooth sensors over the $10 ones if the $50 ones support good security. Although such a decision may add thousands to the cost of an IoT project (a thousand sensors at $40 more each is real money), consider the cost of hacked IoT sensors. It’ll usually be much larger.”
The CTIA developed their program to encourage just that, giving consumers an invaluable metric for determining future IoT device purchases. As the association’s press release also explains, “The certification process includes verifying the device security features against a set of standard cybersecurity best practices addressing the storage of consumers’ information, rigorous password and security management standards and the availability of an over-the-air mechanism for security software updates. Device manufacturers may seek one of three levels of certification, depending on the sophistication of the device and the security characteristics desired or needed for its use.”
“The number of cellular IoT connections is expected to reach 4.1 billion in 2024, according to a projection in the most recent Ericsson Mobility Report,” said Ericsson North America’s Tomas Ageskog. Here’s hoping that consumers start to do their homework and push more companies into better security investments.
Opinions expressed by DZone contributors are their own.