SINGAPORE – Manufacturers of smart home devices such as smart lights, Internet Protocol (IP) cameras and robot vacuum cleaners will now be able to apply for a labelling scheme that assesses the cyber security levels of such devices, after the scheme was expanded on Thursday (Jan 21) by the Cyber Security Agency of Singapore (CSA).
The voluntary Cybersecurity Labelling Scheme (CLS), launched last October, initially applied only to Wi-Fi routers and smart home hubs, which were prioritised because of their wider usage and the potentially more severe impact on consumers should these devices be compromised.
The scheme has now been expanded to include all types of consumer Internet of Things devices.
The CSA said there would be no change to the scheme’s rating system, which comprises four levels. Application fees will be waived until October this year.
The level 1 rating means the device maker has ensured that there is a unique default password and that software updates are automatically pushed to the products, while the highest level 4 rating requires manufacturers to have sent their product for structured penetration tests approved by third-party labs.
In order to pass the standards for the first two levels, manufacturers need to submit a declaration of compliance along with supporting evidence. For the two higher levels, they will need to submit an assessment report by a laboratory approved by CSA.
There are currently four products – all smart home hubs or Wi-Fi routers from local brands Aztech, HomeAuto Solutions and Prolink – that sport the labels, with several more applications in the works.
These products have been given the level 1 rating, which is displayed on the labels.
CSA deputy chief executive Gaurav Keerthi said: “With the proliferation of Internet of Things devices, it is important for us to secure these devices to ensure that they are not used by hackers to steal our information or compromise our privacy.
“Since the launch of the scheme, CSA has received an enthusiastic response from the industry… Soon, with more products built with higher levels of cyber security in the market, I hope that consumers will be more savvy and look out for these products when they are making a purchase decision.”
Last December, the United States’ Federal Bureau of Investigation (FBI) warned of an increasing trend of hackers hijacking smart home security systems to report fake crimes to the police.
The FBI said offenders were likely taking advantage of customers who reuse their e-mail passwords for their smart device, having previously obtained the stolen passwords illegally.
In some cases, footage of police officers responding to the alert and entering the residence was live-streamed on online platforms through hacked home cameras and speakers.