3 Singapore smart home hub, Wi-Fi router brands carry new cyber-security label

29 Dec 2020

The Straits Times, 29 Dec 2020, 3 Singapore smart home hub, Wi-Fi router brands carry new cyber-security label
 
Smart home hubs and Wi-Fi routers from local brands Aztech, HomeAuto Solutions and Prolink are the first technology products to carry cyber-security labels similar to the energy-efficiency labels on home appliances.
 
Sold on e-commerce platforms such as Lazada and Shopee, four products from these three brands have been given the Level 1 rating under the Cybersecurity Labelling Scheme (CLS), which is aimed at helping buyers gauge how exposed they are to risks.
 
The Level 1 rating means the device maker has ensured that there is a unique default password and that software updates are automatically pushed to the products.
 
The CLS - a voluntary tiered rating system administered by the Cyber Security Agency of Singapore (CSA) - was launched in October.
 
Checks by The Straits Times found that the prices of the four CLS-labelled products are comparable to those of non-labelled counterparts.
 
For instance, a single unit of the labelled Wi-Fi router from Prolink costs $150, while one unlabelled Wi-Fi router from TP-Link's Deco X20 line is priced at $149.
 
Experts have, however, said that labelled products could cost markedly more - such as when, for a higher rating, a manufacturer sends its product to an external laboratory to test its resistance to cyber-attacks.
 
This is because complying with the requirements for higher ratings involves "significant effort and resources", said Associate Professor Goh Khim Yong from the National University of Singapore's School of Computing.
 
While some consumers said they would be willing to pay a small premium for a more secure product, most indicated that they would prioritise other factors such as user-friendliness and reliability over cyber security.
 
Mr Chen Shao Wei, 34, said he is more concerned with reliability.
 
"As far as I'm concerned, the stuff I buy should not break down," said the tutor, who bought an Asus Wi-Fi router that is not rated under the labelling scheme earlier this month. "Cyber security is not the main concern for me because I'm not a person of high net worth and I don't possess anything worthy of ransom," he said.
 
Others made the distinction between "more critical" products and less critical ones that do not warrant as much cyber-security consideration. Mr Sebastian Chew, 32, said he pays extra attention to the cyber-security capabilities of "critical items" such as digital door locks so as to avoid compromising the physical safety of his home. But the civil servant does not give as much thought to light switches, which he said would not be "life-threatening".
 
Ms Marisa Wei, 32, who works in supply-chain planning, is willing to pay a 10 per cent to 20 per cent premium for a more secure product, having read horror stories about tech items being compromised by hackers. But she would still baulk at huge mark-ups for a certified product.
 
Assistant Professor Sudipta Chattopadhyay, from the Singapore University of Technology and Design's Information Systems Technology and Design department, said consumers should consider getting a more secure model - with higher ratings - for products that deal with sensitive functions like payments, or are critical in a network and have access to private data.
 
"A product that is considered to be critical may vary between people... This is why I think it is important for consumers to understand how they are going to use the product and assess the risk," said Prof Sudipta.
 
Other experts noted that more work is needed to popularise the labelling initiative.
 
Prof Goh said Singapore does not have significant clout to influence the device manufacturers' product strategies as the market here is too small. This is why the CSA wants to work with Asean to increase its clout to get the initiative "off the ground".
 
But he warned that even with the most secure hardware, consumers might still end up being the last "weakest link" by engaging in poor Internet practices such as clicking on unsafe links.
 
"This thus calls for some level of consumer education on what these CLS labels do or do not do, and, of course, for consumers to upgrade their knowledge of safe cyber-security practices."