Standards Matter
October 17, 2022

Helping Safeguard Devices From Cybersecurity Attacks

Why It Matters

Users have long guarded computers, cell phones, and tablets to help protect sensitive information, but as more devices are designed to connect to the internet or a home network, even lightbulbs, thermostats, and refrigerators now require protection against cybersecurity attacks. Although these products may not contain personal information on their own, they can be used by attackers to gain access to other devices connected to a home Wi-Fi router. And digital property isn’t the only thing at risk – if potential home invaders gain digital access to these devices, they may even be able to infer when homeowners are away on vacation based on whether a refrigerator door has opened in several days.

Because attackers may attempt to gain access to these devices under the guise of remote updates, UL Standards & Engagement has published UL 5500, the Standard for Safety for Remote Software Updates. As a horizontal Standard, UL 5500 provides software update process and validation requirements (taking into account the manufacturers’ recommended processes) and is designed to be used in conjunction with applicable end-product safety standards.

What We’re Doing

UL 5500 includes remote software update process requirements for establishing a remote connection between a host and device, authenticating the host and device, and confirming that the host entity is authorized to initiate remote software updates on the device. These requirements help to ensure that devices will reject fraudulent updates sent by unauthorized host entities. The Standard also requires that data transmission be encrypted to help guard the remote update process from being hijacked.

If the device detects a corrupted or invalid software download package, time-out, loss of connection, or any other communication error, UL 5500 specifies that the device shall revert to its intended function under the old software download package, initiate a fail-safe condition, or retry the remote software update process while remaining in compliance with the requirements of the end-product standard.
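
The device-side behaviour described in the two paragraphs above, sketched as an added Python example; it is not text or code from UL 5500 or from UL Standards & Engagement. Assumptions: the host names, keys, `MAX_ATTEMPTS`, the helper names, and the HMAC-SHA256 tag used for authentication and package validation are constructed for illustration, the order in which retry and fallback are tried is one choice among those the paragraph allows, and encrypted transport is taken to be handled by the connection layer.

```python
import hashlib
import hmac
from enum import Enum

class Outcome(Enum):
    UPDATED = "new software installed"
    REVERTED = "continues on old software"
    FAIL_SAFE = "fail-safe condition"

# Constructed sample data: hosts the device can authenticate, and the
# subset of them that is authorized to initiate a software update.
HOST_KEYS = {"update-host-1": b"constructed-key-1", "telemetry-host": b"constructed-key-2"}
UPDATE_AUTHORIZED = {"update-host-1"}
MAX_ATTEMPTS = 3  # assumed retry budget

def sign(host_id, package):
    """Tag a host would attach to a package (HMAC-SHA256, an assumed scheme)."""
    return hmac.new(HOST_KEYS[host_id], package, hashlib.sha256).digest()

def scripted(events):
    """Build a fetch() that replays constructed events; exceptions are raised."""
    it = iter(events)
    def fetch():
        event = next(it)
        if isinstance(event, Exception):
            raise event
        return event
    return fetch

def run_update(host_id, fetch, old_image_ok=True):
    """Return (Outcome, download attempts). fetch() yields (package, tag)."""
    fallback = Outcome.REVERTED if old_image_ok else Outcome.FAIL_SAFE
    key = HOST_KEYS.get(host_id)
    if key is None or host_id not in UPDATE_AUTHORIZED:
        return fallback, 0  # unknown or unauthorized host: nothing is downloaded
    for attempt in range(1, MAX_ATTEMPTS + 1):
        try:
            package, tag = fetch()
        except (TimeoutError, ConnectionError):
            continue  # time-out or lost connection: retry
        if hmac.compare_digest(sign(host_id, package), tag):
            return Outcome.UPDATED, attempt
        # corrupted or invalid package: discard it and retry
    return fallback, MAX_ATTEMPTS

if __name__ == "__main__":
    pkg = b"firmware-v2 (constructed)"
    good = (pkg, sign("update-host-1", pkg))
    print(run_update("update-host-1", scripted([TimeoutError(), good])))
    print(run_update("telemetry-host", scripted([good])))
```

A host that authenticates but is not on the update-authorized list is rejected before any download, so a valid tag from `telemetry-host` never results in an install.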

How You Can Help

Our Standards are developed through a consensus-based process, which integrates scientific and testing expertise with input from our Technical Committee (TC) members and stakeholders. TC members represent a variety of interests, including industry, academia, government, retail, and manufacturing. If you are involved in the design, construction, sale, programming, or installation of connected devices, and you would like to help improve safety in your industry, please take a moment to learn how you can get involved.