In Singapore, cyber security labels on Wi-Fi routers, smart devices to inform consumers

March 3rd, 2020 | by Alfred Siew
In Singapore, cyber security labels on Wi-Fi routers, smart devices to inform consumers
ILLUSTRATION: Gerd Altmann from Pixabay

Singapore will be one of the first countries to stick labels on Wi-Fi routers, smart home hubs and other Internet of Things (IoT) consumer devices in a bid to educate users and beef up cyber security at home.

Like labels that tell consumers how energy-efficient a refrigerator or air-conditioner is, these new cyber security labels will inform buyers if a Wi-Fi router has basic safeguards, such as having no default passwords and delivering software updates over time.

There are not much details yet on the new scheme, which was unveiled today by Senior Minister of State for Communications and Information Janil Puthucheary, though it is aimed at denying a soft spot for hackers to exploit and wreck widespread havoc.

“The scheme will raise consumer awareness of more secure products and aims to encourage manufacturers to adopt additional cyber security safeguards,” said Dr Janil during a debate on the government budget this year, The Straits Times reported.

For a start, the labels will be stuck on Wi-Fi routers and smart home hubs when the scheme is rolled out later this year.

This is because these devices have a wider usage and are often the gateways into the rest of the home network, the Cyber Security Agency of Singapore explained.

“Nonetheless, the scheme will be designed to be applicable to a broad range of consumer IoT products in future,” the agency said on its website.

The immediate question, of course, is how effective the scheme will be. With thousands of IoT product types in the market, it could be challenging to test them quickly to be ready for the market.

If it takes months to test a router, for example, its entrance in the Singapore market would be delayed. With fast-moving technologies, some products may even be outdated by the time they arrive on shelves.

Remember that this may not be as simple as a “type approval” type of labelling, like a smartphone that is usually okay to use here if it follows international standards. That’s because of the sheer number of IoT product types out there.

You’d hope that Singapore’s adherence to a similar cyber security standard for IoT devices in the European Union would make things smoother.

Manufacturers will willingly submit to testing to enter the large European market, so it’s easier for Singapore to emulate things, instead of forcing them to test every single device again here.

Also of concern is how these labels will work over time. Unlike a refrigerator, a piece of network hardware or an IoT device is only as good as the software inside these days, so how secure it is depends on how often the software is updated. This changes over time.

What happens, for example, if a company goes bust all of a sudden? That means the updates are not available any more and a device that had a stellar rating would be vulnerable to any loopholes that are discovered later on.

How will a label address this? Should it be a simple advisory, like having a number of ticks used to denote how energy efficiency a fridge is? Or is that too simplistic?

That’s the challenge of the authorities, who do have the right intentions here.

Indeed, getting users to get their own networks in order is key to avoiding large-scale denial-of-service attacks, like in 2016, when hackers commandeered millions of Internet-connected cameras to bring down the Internet in large parts of the United States.

With billions of IoT devices coming into homes in the years ahead, the risk is growing dramatically, simply because of the larger attack surface available to hackers.

And that’s not even mentioning the lack of security that many such devices, from fridges to cameras to even sex toys, that expose users to unnecessary risks.

An important question that users have to ask when buying a connected device today is whether the benefits outweigh the risks of adding another gadget on the home Wi-Fi network.

Is it really necessary to have a Wi-Fi-connected door lock, for example? Or a smart light that you stop fiddling with after the first few tries?

So, while the Singapore government is being proactive in asking for labels on smart devices, it really is down to consumers to make smart buying decisions.

That means weighing the pros and cons carefully instead of going for the shiniest new gadget promising yet more convenience in their digital lives.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.