IoT Security Rating Levels
UL is an independent global safety science company whose mission is to “make the world a safer place.” We empower trust by enabling the safe adoption of innovative new products and technologies.
You may expect that any connected product you can buy in a store or online is secure, but in reality that is not the case. So how can you determine whether the product you want to buy is really a secure product?
UL has created a rating system that measures the security of connected products. With this IoT Security Rating, we test and classify products into one of five security levels, ranging from the lowest level, bronze, to the highest level, diamond. Each level represents a set of security capabilities that is strongly implemented in the product by the manufacturer. Level bronze contains a set of essential must-have security capabilities, level silver contains enhanced security capabilities, level gold contains more advanced security capabilities, and so on. You can find more details for each of the levels below.
The rating is displayed through the UL Verified Mark and this Mark contains a unique identifier – the number on the bottom-right of the Mark – for each product. With this identifier you can look up whether the Verified Mark is active or whether it has expired*.
* When no results are found with the identifier you provided, the label has expired and we have already removed it from our database.
Security capabilities by level
Bronze – Essential
No Default Passwords
Users don’t have to rely on default passwords preprogrammed into a product. Users are instead urged to choose passwords which are difficult to guess/crack.
Secure Update Mechanism
Regardless of the method of software update – on-demand or automatic – the updated files are validated, confirmed to be secure and necessary, and protected by additional authentication mechanisms.
The factory reset button or function securely removes all sensitive data.
Any communication connections being utilized by the device are validated and confirmed to be secure.
Silver – Enhanced
Access to features which hold sensitive information, i.e. security settings and personal information, is protected by additional authentication mechanisms.
Industry Privacy Best Practices
The type of data that is collected, processed and stored by the device is made known to the user, and the user is given the opportunity to consent to such collection, processing or storage.
Product Security Maintenance
The device is monitored and maintained for security concerns after sale of the device.
Gold – Advanced
Stored and Transmitted Data Security
When data is stored on or transmitted to the device, the data is secured using industry-supported encryption.
Secure Out-Of-The-Box Settings
The device is secure and ready for use without unnecessary intervention by the user.
Mobile App Security Maintenance
If a device connects to an app, the app itself is monitored and maintained for security concerns.
Platinum – Extensive
Known Threat Testing
The device and its software have been tested for publicly known threats.
The device doesn’t automatically accept and respond to untrusted code.
Permanent Log-in Prevention
A user is not able to remain logged in for an indefinite amount of time. The system will intermittently re-authenticate the user.
Diamond – Comprehensive
Malicious Software Modification Detection
The device is able to detect if foreign code is being inserted into its system and prevent that code from altering the device.
Illegitimate Access Attempt Protection
The device protects against repeated failed log-in attempts.
User Data Anonymization
Data which is processed, collected and stored is kept in a format which will not lead to identification of the user.