Certified Security for a Smart Home: Re-Certification of the Bosch Smart Home System
Since its founding as a subsidiary of Robert Bosch GmbH in 2016, Bosch Smart Home GmbH has been developing and continuously improving “smart” devices that make private households safer and more intelligent—gaining increasing popularity in the process. More and more users enjoy coming home after work to a preheated living space, thanks to remotely controlled or automatically regulated thermostats, while also saving energy. Others keep an eye on their pets while away via smart cameras or feel safer knowing they’ll receive a notification if a smoke detector goes off or a window is opened.
These systems often result in highly complex infrastructures, which can present large attack surfaces for cybercriminals. And since these devices operate in private environments, data protection must be given high priority, and IT security must be treated with particular care.
That Bosch Smart Home GmbH takes this responsibility seriously is demonstrated by previous certifications of the Bosch Smart Home System.
“The Smart Home System was first certified in 2017, and we are pleased to now assess the current 2022 version of the smart products,” says Hendrik Dettmer of TÜV TRUST IT GmbH, part of the TÜV AUSTRIA Group, which was commissioned as the independent body for the re-certification.
Dettmer further explains that this will help Bosch Smart Home maintain its strong market position. However, the top priority remains the assurance of sustainable and effective information security.
Initial situation
What it’s all about: Bosch Smart Home System – intelligent IoT products for the home
Cameras and smoke detectors, door and window contacts, thermostats, lighting control devices, and much more: the Bosch Smart Home System includes a wide range of smart, wireless devices that can be easily controlled via app—even remotely via the cloud, outside the home.
All of these devices are designed to enhance overall living quality by simplifying daily routines, increasing user safety, or contributing to more efficient energy use. For example, the smart devices can notify users via push message when a window is opened, or allow the creation of schedules for intelligent heating and lighting control.
At the heart of the entire infrastructure is the Smart Home Controller, which acts as the central control unit, connecting all devices and storing system data locally.
Approach
Re-Certification of the Smart Home System: Implementation
For complex IoT projects like this one, the assessment must also be based on a correspondingly comprehensive foundation. In this case, a catalog was used that covered the entire implementation as well as the fundamental design of the certification as a TRUSTED IoT Device.
Based on the requirements in this catalog, the Smart Home Controller and a range of sensors were thoroughly tested. A key priority: maintaining a clear overview. First, the security functionalities of the devices under review were identified, and a variety of documentation was collected and analyzed.
This was followed by a technical verification: Were the developed features actually implemented and properly executed? The assessment included, for example, the hardening of embedded systems and the secure loading of software updates. In addition, the experts checked whether encrypted connections between the system’s components—sensors, controller, app, and cloud—were truly secure.
Finally, things got exciting: using common attack techniques, the security experts at TÜV TRUST IT conducted a penetration test to try to breach the system and uncover potential vulnerabilities.
The result was a great success for the company under review: the Bosch Smart Home System once again passed this extensive assessment and was re-certified as a TRUSTED IoT Device.
Your Benefits
More than Prestige: What Does Certification Actually Deliver?
Daniel Backes, project manager at TÜV TRUST IT GmbH, part of the TÜV AUSTRIA Group, is pleased with the consistently strong results and emphasizes the practical value that Bosch Smart Home GmbH gains from this re-certification:
“The certificate as a TRUSTED IoT Device sends a clear message to the company’s customers—especially those who care about being able to trust the security of the products they purchase.”
To continue giving top priority to effective security, Christian Thess, Managing Director of Bosch Smart Home GmbH, wants to embed security already in the development phase of IoT devices:
“At Bosch Smart Home, data protection and data security have always been top priorities. Our experts work closely with product development to assess the security and protection needs of our products.
This includes the entire product lifecycle—starting with the very first step of the development process, through product and feature launches, and into ongoing operations.
A key part of this approach is that we regularly and thoroughly have our security reviewed by external, independent institutions such as TÜV TRUST IT.
We are very pleased that our system has once again been successfully certified.”
– Christian Thess, Managing Director, Bosch Smart Home GmbH