TÜV TRUST IT GmbH, part of the TÜV AUSTRIA Group, confirms compliance with data protection and data security criteria.
Home Connect GmbH, a subsidiary of BSH Bosch und Siemens Hausgeräte GmbH, had the security of its “Home Connect” app for iOS reviewed and certified by TÜV TRUST IT. The app enables users to control connected home appliances with Home Connect functionality via their home Wi-Fi or through a secure internet connection from anywhere in the world. The development team used TÜV TRUST IT’s AppSpecs Generator tool, which provides security-oriented development guidelines for building secure apps.
At the end of this year, the first digitally connected, Wi-Fi-enabled home appliances with Home Connect functionality will be launched. These can be controlled via mobile devices using the corresponding app, which allows both automated and personalized control of the appliances. The Home Connect app will be available for smartphones and tablets running iOS from December 2014, and for Android-based devices from spring 2015. In addition to simple and secure control of connected appliances, the mobile application offers other practical features such as a recipe tool, user manuals, tips for optimal appliance usage, and important information about individual models and customer service. It helps simplify the use of household appliances in everyday life—from installation and operation to maintenance—creating entirely new possibilities for the modern home.
TÜV TRUST IT thoroughly examined and certified the app’s security. All data storage and device control processes are fully encrypted according to current technological standards. In terms of data protection and privacy, the app also meets today’s requirements: it does not collect usage or location data from users, nor does it transmit personal data to third parties.
For the development of “Home Connect,” the AppSpecs Generator from the security specialist was used. This tool generates context-specific development guidelines based on the app’s specific requirements, covering all relevant functionalities and associated threats. This service ensures that corporate apps meet all required TÜV security criteria and cannot be misused during operation.
“The Home Connect app is a great example of how smart home capabilities can be used productively and with a strong focus on security,” says Detlev Henze, Managing Director of TÜV TRUST IT, following the certification process. One of the requirements for such certification is that all high and medium risks identified during the evaluation must be resolved.
“For this purpose, we developed a dynamic testing methodology that allows apps on all platforms to be analyzed and certified for compliance with security and data protection criteria. The basis of the testing procedure is a threat model developed over several years and a knowledge database containing information on globally known malware and vulnerabilities. Additionally, the app’s source code is semi-automatically checked for existing weaknesses and potential attack vectors. The evaluation is based on context-specific requirements aligned with current threats. Apps are tested both using tools and manual methods.”