Cyber-security label scheme expanded to all smart home devices

Manufacturers of smart home devices such as smart lights, Internet Protocol (IP) cameras and robot vacuum cleaners will now be able to apply for a labelling scheme that assesses the cyber-security levels of such devices.

The voluntary Cybersecurity Labelling Scheme (CLS), launched last October, initially applied to Wi-Fi routers and smart home hubs, which were prioritised due to their wider usage and potentially more severe impact on consumers should these devices be compromised.

The Cyber Security Agency of Singapore (CSA) yesterday expanded the scheme to include all types of consumer Internet of Things (IoT) devices.

It said there would be no change to the scheme’s four-level rating system. Application fees will be waived until October this year.

The Level 1 rating means the device maker has ensured there is a unique default password and that software updates are automatically pushed to the products, while the highest Level 4 rating requires products to be sent for structured penetration tests conducted by CSA-approved third-party labs.

In order to pass the standards for the first two levels, manufacturers need to submit a declaration of compliance along with supporting evidence. For the two higher levels, they will need to submit an assessment report by a laboratory approved by CSA.

There are currently four products – all smart home hubs or Wi-Fi routers from local brands Aztech, HomeAuto Solutions and Prolink – that sport the labels, for Level 1.

“With the proliferation of Internet of Things devices, it is important for us to secure them to ensure that they are not used by hackers to steal our information or compromise our privacy,” said CSA deputy chief executive Gaurav Keerthi.

“Since the launch of the scheme, CSA has received an enthusiastic response from the industry… Soon, with more products built with higher levels of cyber security in the market, I hope that consumers will be more savvy and look out for these products when they are making a purchase decision.”

Last December, the United States Federal Bureau of Investigation warned of an increasing trend of hackers hijacking smart home security systems to report fake crimes to the police. It said offenders were likely taking advantage of those who reuse their e-mail passwords for their smart device, having stolen those passwords previously.

In some cases, footage of police officers entering a residence in response to a fake alert was live-streamed online via hacked home cameras and speakers.