UL or Underwriters Laboratories is a nonprofit organization that conducts independent research and safety data analysis aimed to “make the world a safer place.” The organization uses data science to provide education and outreach on topics such as battery, chemical and fire safety, as well as safety standards for consumer products. Midea, a Chinese company that makes home appliances, recently became the first company in that country to receive an IoT security verification from UL. Midea earned a silver level rating for its air conditioning and dehumidifier product lines, ensuring that these products possess a certain threshold of cybersecurity protection.
"As part of UL's decades of cybersecurity experience and rapidly growing IoT security practice, we are proud to recognize Midea for earning the first IoT Security Rating for a company in China," said Isabelle Noblanc, global vice president and general manager of UL's Identity Management and Security division. "We're proud that our China laboratory was able to support Midea's security assessment needs. This silver level rating achievement helps verify the security due diligence Midea has built into their connected products, helps demonstrate their cybersecurity posture to retailers and regulators and empowers consumers to make purchase decisions based on the security built into Midea connected products."
UL’s Verified Mark comes with a unique code for each product line that earns the credential. The credentials range from bronze, silver, gold, platinum, and finally the highest level of diamond. Consumers of any given product that earns a credential can contact UL to be sent documentation regarding the assessment techniques and methodology used to determine the credential. Once a product line wins the given award level, the verification lasts for one year.
The silver rating means that the given product provides consumers with access to features which hold sensitive information, includes industry best practices for consumer privacy, and that the device is monitored and maintained for security concerns after sale. For comparison, the diamond level rating provides comprehensive cybersecurity assurance including that the device in question is able to detect if malicious software is being inserted into the system and prevents such a code from altering the device. The diamond level also vouches for protection against repeated failed log-in attempts and that data collected is anonymized. Midea’s window air conditioner, split air conditioner, portable air conditioner and dehumidifier product lines were granted the silver level rating based on their security capabilities such as not using default passwords, providing secure updates and connections, among other measures.
"At Midea, we are committed to helping our customers enjoy their homes, and ensuring the security of our connected products is an essential part of that commitment. We incorporate sound security principles into our product development process and look to demonstrate that to our customers," said Hsiang-Chih Hsu, IoT chief security head, Midea. "We're extremely pleased to have achieved the silver level of UL's IoT Security Rating, and we believe UL's third-party verification and our commitment to their IoT Security Rating solution throughout the product lifecycle, helps Midea continue to put our customer's peace of mind first while protecting against security threats.”
UL has a global network of test facilities, and conducted testing of Midea’s products in Nansha, China, once that facility was reopened due to the waning spread of COVID-19. UL stated it has identified opportunities for Remote Witness Testing, in which clients can observe testing of products and materials, a useful option given the COVID-19 pandemic. The rise of consumer, healthcare and industrial uses of IoT devices have necessitated the existence of entities such as UL to establish standards for cybersecurity. Such devices are increasingly subject to cybercrime attacks, which have the potential to cause widespread harm.