ICSA Labs offers IoT certification
Security is hard; this much is apparent from the major breaches regularly reported by major corporations around the world. In the IoT space, this drives many vendors to do little about it when developing cheap, short-cycle volume products. Vendors who have built a business around their device tend to be more thorough, but still run a very good chance of missing something.
The problem for us as consumers is that it is difficult, if not impossible, to make a determination about the security of a given product before purchase. There is little published by vendors about their security architecture, and independent assessment is left entirely to independent security researchers. Given the proliferation of individual device models, most of them are unlikely to ever get that sort of attention.
There has also been no formalized standard or certification that vendors could pursue for their IoT offerings to provide some assurance to prospective buyers, until now.
As of late 2016, security assurance company ICSA Labs has added an IoT security certification to their stable of offerings. Who are ICSA Labs? According to their website:
Their first, and only, customer for this service to date has been Canary, whose home security device I reviewed earlier. They've published a video from Chris Rill, CTO and co-founder of Canary, discussing how they see this as an advantage for vendors. Chris concludes with this:
Having an independent third-party assessment with formally published findings, as this one has, would be a great thing in terms of allowing consumers to be better informed when buying IoT devices. It's unfortunate that there have been no other products assessed under this standard since 2016, but we can still hope this initiative, or others like it, will gain traction as a market differentiator to help drive better security practices in the future.
ICSA Labs: https://www.icsalabs.com/