back to article Look for the label: White House rolls out 'Cyber Trust Mark' for smart devices

The White House this week introduced a voluntary cybersecurity labeling program for technology products so that consumers can have some assurance their smart devices aren't spying on them. "The White House launched this bipartisan effort to educate American consumers and give them an easy way to assess the cybersecurity of …

  1. Tron Silver badge

    Reds under the garage door openers!

    I don't use IoT stuff. Not because of cybersecurity issues, but because it is overpriced crap for lazy rich people.

    You buy it, you faff around installing it, it works for a bit, the company gets bought or goes bust, the servers go down without warning and YOU HAVE TO OPEN YOUR OWN GODDAM GARAGE DOOR. It's enough to push a lazy rich person past their tipping point.

    Does the colour of the label relate to the particular NSA backdoor that is built into the device?

    1. simonlb Silver badge
      FAIL

      Re: Reds under the garage door openers!

      So it's not about creating an industry standard, inherently secure, vendor agnostic IoT protocol to make all these devices secure by default? Well that's completely missing the target and therefore a massive fail on all levels.

      We don't want a 'trust mark', we need a protocol.

      As for the data slurping, if the device/appliance/gadget insists it needs an internet connection when in reality is doesn't, boycott the vendor and go elsewhere.

      1. Khaptain Silver badge

        Re: Reds under the garage door openers!

        "As for the data slurping, if the device/appliance/gadget insists it needs an internet connection when in reality is doesn't, boycott the vendor and go elsewhere"

        This, exactly, there is a lot of choice today and building an almost air gapped home setup is fully achievable . Need to leave a port open for a VPN or control that's all.

        Nothing needs to be outbound.

        As for.being lazy and rich. That's just an excuse for saying that you are lazy and won't do the research. Learn to select or build your own equipment, it's more than possible with Arduino and a few components, you don't need the high end stuff in order to get good results.

        1. LBJsPNS Bronze badge

          Re: Reds under the garage door openers!

          "That's just an excuse for saying that you are lazy and won't do the research."

          I would remind you that there are many many many stupid people with money.

        2. Tron Silver badge

          Re: Reds under the garage door openers!

          'Rich' because all tech solutions cost more than getting up off the sofa to press a button. Like many people in the UK I no longer spend money if I do not need to, because our currency has been screwed by Brexit, our energy bills have been artificially inflated by the government, interest rates have been hiked, and what food there is in the shops costs twice what it used to a few years ago.

          'Lazy' because we really don't need to automate most of this stuff. The more 'smart' stuff people use, the dumber society seems to get.

          I also consider the addition of a layer of tech to anything reduces the resilience, so it is best avoided where possible. Before the net, nobody in Eastern Europe could take down your local council. If the power goes off in a school they now close it because the 'safeguarding software' no longer works. You cannot use some car parks without having a smartphone, a signal and a contract. The addition of technology does not automatically improve things, but it does add complexity and complexity increases the risk of failure.

    2. Gene Cash Silver badge

      Re: Reds under the garage door openers!

      I made my own IoT stuff. My server is a Raspberry Pi 3B+ bolted to the wall. My phone presents a certificate before it's allowed to open the door and it also checks the server certificate.

      It was fun though, when I was trying to figure out how to generate and validate certificates, as I was a complete SSL noob. There were tons of posts on StackOverflow going "your SSL doesn't work? here's how to make it accept ANY certificate!" which is pretty pointless.

      1. Anonymous Coward
        Anonymous Coward

        Re: Reds under the garage door openers!

        Glad you had fun but I use a metal key. They're quite reliable, backups are cheap, they work in a power cut and even your grandma can learn how to use them. ;)

        1. Khaptain Silver badge

          Re: Reds under the garage door openers!

          Yup, keys get lost, stolen, forgotten, forged, lock picked , no problems there huh ...

          1. LybsterRoy Silver badge

            Re: Reds under the garage door openers!

            Those sort of events tend to get noticed but hacked hmmm

          2. LBJsPNS Bronze badge

            Re: Reds under the garage door openers!

            And which of those doesn't apply to whatever electronic device you might use in their place?

  2. Yet Another Anonymous coward Silver badge

    US Cyber Trust Mark

    Ha, haa, haaa , haaaa

    no, just give me a second

    Haaa, haaa, haaa

  3. DJV Silver badge

    I initially read that as...

    US Cyber Musk Fart...

  4. Mentat74
    Thumb Down

    'Cyber Trust Mark '

    And what if I don't trust Mark ?

    1. David 132 Silver badge
      Happy

      Re: 'Cyber Trust Mark '

      Then let me be Frank with you - Shirley you can't be serious?

    2. Strahd Ivarius Silver badge
      Devil

      Re: 'Cyber Trust Mark '

      You'll have soon the opportunity to use "Cyber Trust Elon", don't worry...

  5. Bump in the night
    Unhappy

    Not sure it says much

    Shouldn't it contain some kind of ID number that one could check the unit's actual status? Looks kind of fake otherwise.

    1. Dan 55 Silver badge

      Re: Not sure it says much

      That's the QR code next to it which will take you to https://secure-connection.cyber-trust.fcc.gov.com.cn/secure.cyber-trust.fcc.gov/secure

  6. Howard Sway Silver badge

    Trust

    "It needs to look not only how secure is the hardware of your smart washing machine, but also how secure is the cloud where the company is storing the data that's collected through your washing machine"

    Yep, definitely going to buy a washing machine that actually collects data on me because it's got a sticker on it telling me I can trust it.....

    Rather than being trustworthy, the sticker points out that the device unnecessarily slurps personal data, and almost certainly the business plan behind such slurping means that there will be terms and conditions consenting to that data being sold on to third parties. Because there's not a cent to be made from knowing that I washed my undies one Thursday night.

    1. Anonymous Coward
      Anonymous Coward

      Re: Trust

      The CIA are desperate to know our washing habits.

      However, I can see a time when we are only allowed x number of washes to meet our credits score requirements to buy food. It's saving the planet you know.

      1. Roj Blake Silver badge

        Re: Trust

        It's to help with money laundering investigations.

    2. Strahd Ivarius Silver badge
      Coat

      Re: Trust

      The washing machine needs the connection to be able to track the socks that keep getting lost!

  7. jake Silver badge

    Hi! We're from the government!

    We're here to help you!

  8. Pascal Monett Silver badge
    FAIL

    It will be administered by 11 different companies

    Thank you, that's all I need to know.

    Good bye.

    1. This post has been deleted by its author

    2. uv
      Coat

      Re: It will be administered by 11 different companies

      We need a handful more on the bench

  9. steelpillow Silver badge
    Facepalm

    Nation Institute of Shattered Trust

    The NIST note that an IoT device may need to connect back to a cloud service or something before it can actually work.

    Users will assume that the Trust mark applies to that service.

    But not for long....

    1. seven of five Silver badge

      Re: Nation Institute of Shattered Trust

      > Nation Institute of Shattered Trust

      oh, so that is what the acronym expands to. Thanks for pointing out. I always read it as "nauseous, inbred, stupid twats"

  10. Winkypop Silver badge
    Big Brother

    Big Brother loves you

    Look for this logo

  11. Anonymous Coward
    Anonymous Coward

    The Cyber Truss Mark ensures that only your own government and their contractors can hack?

    1. The Bobster

      Lettuce hope that this is not the case, otherwise it could crash the whole initiative!

  12. Anonymous Coward
    Anonymous Coward

    Misdirection? Probably!

    "...consumers can have some assurance their smart devices aren't spying on them..."

    "...products that meet the NIST-defined testing criteria ... will be able to display the US Cyber Trust Mark and a QR code..."

    This scheme "..."is not going to solve every problem...". No s**t Sherlock!!

    Among the other problems would be.....NIST (!), the NSA (!), GCHQ, Five Eyes, Google, Amazon, Microsoft, Cisco, the NSO (you know...Israeli spies)....and so on.....

    So....anyone having more trust because of the "US Cyber Trust Mark"....has been duped by the usual misdirection from the usual suspects.

    Just saying!

    1. Bebu sa Ware
      Coat

      Re: Misdirection? Probably!

      Among the other problems would be.....NIST (!), the NSA (!), GCHQ, Five Eyes, Google, Amazon, Microsoft, Cisco, the NSO (you know...Israeli spies)....and so on.....

      Might be safer ignore the labelled products and buy unlabelled Huawei then only have deal with Chinese (PRC) state surveillance.

  13. LBJsPNS Bronze badge

    Sweet good goddamn, there are a lot of paranoid people on here. Do you really think the government, whichever it is, gives a damn about how often you do laundry? And if you haven't learned to tune out advertising a long time ago, I'm really not sure what to tell you.

    1. Anonymous Coward
      Anonymous Coward

      Please Tune In.............................

      @LBJsPNS

      ....please do a search on "surveillance capitalism".......

      ....it's absolutely NOT about "tuning out advertising".................................................................

  14. Jimmy2Cows Silver badge

    Not intended for wired products? Pointless

    A fuckton (metric or imperial) of "smart" devices are wired: TVs, washing machines, driers, dishwasers, fridges, CCTV systems, EV chargers...

    Why don't these warrant the same dubious level of protection offered by this voluntary scheme (a scheme that won't be immediately gamed or faked, nosiree!).

    And QR codes? Seriously!?! Teach people to blindly scan a QR code because it appears next to a "trust mark". Nothing can possibly go wrong with that.

  15. sitta_europea Silver badge

    I'm surprised nobody's asked how long it will take the Chinese manufacturers to forge these marks.

    They've been forging CE marks for decades.

    1. Anonymous Coward
      Anonymous Coward

      Maybe Some Xenophobia There??

      @sitta_europea

      "Chinese manufacturers"

      You forgot about snooping by........NSA, GCHQ, Cisco, NSO, Amazon, Microsoft, Apple.......

  16. razorfishsl

    LOL...

    There are sellers in China already offering network equipment & shite with this mark

    I saw them getting ready , whilst doing a factory inspection in Shenzhen....

    1. Bebu sa Ware
      Coat

      Buy unlabelled for safety?

      There are sellers in China already offering network equipment & shite with this mark

      I saw them getting ready , whilst doing a factory inspection in Shenzhen....

      Like much in this sorry mess of a world the whole shemozzle is a pointless exercise in futility.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like