Skip to main content

IoT Security Rating Levels

UL is an independent global safety science company whose mission is to “make the world a safer place.” We empower trust by enabling the safe adoption of innovative new products and technologies.

You may expect that any connected product you can buy in a store or online is secure, but in reality that is not the case. So how can you determine whether the product you want to buy is really a secure product?

UL has created a rating system that measures the security of connected products. With this IoT Security Rating, we test and classify products into one of five security levels, ranging from the lowest level, bronze, to the highest level, diamond. Each level represents a set of security capabilities that is strongly implemented in the product by the manufacturer. Level bronze contains a set of essential must-have security capabilities, level silver contains enhanced security capabilities, level gold contains more advanced security capabilities, and so on. You can find more details for each of the levels below. 

IoT Security Rating

The rating is displayed through the UL Verified Mark and this Mark contains a unique identifier – the number on the bottom-right of the Mark – for each product. With this identifier you can look up whether the Verified Mark is active or whether it has expired*.

* When no results are found with the identifier you provided, the label has expired and we have already removed it from our database.

Security capabilities by level

Bronze Level

Bronze - Essential

No Default Passwords
Users don’t have to rely on default passwords preprogrammed into a product. Users are instead urged to choose passwords which are difficult to guess/crack. 
Secure Update Mechanism 
Regardless of the method of software update – on-demand or automatic – the updated files are validated and confirmed to be secure and necessary protected by additional authentication mechanisms. 
Secure Reset
The factory reset button or function securely removes all sensitive data. 
Secure Connections

Any communication connections being utilized by the device are validated and confirmed to be secure. 
 

 

Silver

Silver - Enhanced

Access Control
Access to features which hold sensitive information, i.e. security settings and personal information, are protected by additional authentication mechanisms. 
Industry Privacy Best Practices  
The type of data that is collected, processed and stored by the device is made known to the user, and the user is given the opportunity to consent to such collection, processing or storage. 
Product Security Maintenance 
The device is monitored and maintained  for security concerns after sale of the device. 
 

 

GoldGold – Advanced

Stored and Transmitted Data Security
When data is stored or transmitted to the device, the data is secured by using industry supported encryption. 
Secure Out-Of-The-Box Settings 
The device is secure and ready for use without unnecessary intervention by the user. 
Mobile App Security Maintenance 
If a device connects to an app, the app itself is monitored and maintained for security concerns. 

 


 

Platinum

Platinum – Extensive

Known Threat Testing 
The device and its software have been tested for publicly known threats. 
Malware Protection 
The device doesn’t automatically accept and respond to untrusted code. 
Permanent Log-in Prevention 
A user is not able to remain logged in for an indefinite amount of time. The system will intermittently re-authenticate the user.  

 

 

 

Diamond

Diamond – Comprehensive

Malicious Software Modification Detection 
The device is able to detect if foreign code is being inserted into its system and prevent that code from altering the device.
Illegitimate Access Attempt Protection
The device protects against repeated failed log-in attempts.
User Data Anonymization 
Data which is processed, collected and stored is kept in a format which will not lead to identification of the user.