TLDR:
Connectivity Standards Alliance released the IoT Device Security Specification 1.0 and a certification program to address the challenges of insecure IoT devices. The goal is to establish a unified industry standard and increase consumer awareness. The specification includes requirements for unique device identity, no default passwords, secure storage of data, secure communications, software updates, secure development, vulnerability management, and transparency for consumers. The certification program comes with a Product Security Verified Mark to help consumers make informed purchasing decisions.
In 2016, the Mirai Botnet revealed the impact of insecure IoT devices, leading to a push for security by design in new devices. The Connectivity Standards Alliance aims to streamline certification processes for manufacturers and help consumers identify secure devices. While the industry guidance is mostly voluntary, the new standard provides a clear path for manufacturers to follow. The goal is to empower consumers with information about device security and drive industry-wide adoption of secure IoT practices.
The Connectivity Standards Alliance has nearly 200 member companies supporting the new standard, including major players like Amazon, Google, and NXP. Efforts to improve IoT security are ongoing, and initiatives like the IoT Device Security Specification 1.0 play a crucial role in addressing device security challenges and protecting against botnet attacks.