LAS VEGAS — As a leader in the IoT sector, global IoT development platform provider Tuya Smart (NYSE: TUYA) is also showcasing several brand-new security-related products and solutions at CES 2022. These offerings aim to help developers launch products with high efficiency and reduce their worries about product safety.
Two years from the beginning of the COVID-19 pandemic, CES 2022 is coming back to Las Vegas in person, enabled by heightened safety measures adopted by the event organizers. In the face of the continued pandemic, technology firms, industry experts, and journalists are all coming together online and offline to a different tech landscape, forever changed by COVID-19.
One of the major impacts of the pandemic on IoT and smart devices has been the rise of global network security issues that consumer needs and behaviors have further amplified during the pandemic.
According to a 2021 report from IoT Analytics, the number of connected IoT devices is expected to hit 12.3 billion active endpoints globally by the end of 2021 and grow to over 27 billion IoT connections by 2025. Coupled with increased remote work after the onset of the COVID-19 pandemic, consumers are more exposed than ever to online attacks. According to Akamai’s annual state of the internet security report, remote work and increased connectivity contributed to a spike in cyber-attacks. At the same time, web application attacks tripled in 2021, from what was already a record year in 2020.
At this year’s CES, network security has become a topic of concern for all major players in the industry. Among the issues, IoT security has risen a key focus for many manufacturers, developers, and suppliers to exhibit their forward-looking vision and R&D capabilities. There are particular challenges for IoT that differ from traditional network security. Throughout CES, posters and videos promoting network security solutions can abound, and security-related hardware products are in pride of place at many booths.
At Tuya Smart’s CES booth, the Company’s new IoT security module, WBR3N, exhibited in physical form and available for a virtual tour online, has drawn the attention of many journalists and industry professionals. This industry-leading security module is the first IoT module of its kind with a built-in secure element (SE) to hold a Common Criteria (CC) EAL6+ certificate.
Commanding comprehensively robust security guarantee, the module realizes mutual certificate authentication and device activation authentication between the device and the cloud and the Elliptical Curve Cryptography (ECC) security certificate and device certification information built into the Squeeze-and-Excitation (SE) block during the production process. In terms of communication, WBR3N uses TLS1.2 two-way strong verified communication based on security authentication, representing the highest communication security level in the industry.
Regarding security protection of device data, WBR3N uses built-in independent SE to execute the data encryption and decryption process, therefore fully safeguarding data security. At the same time, the module provides SE-based independent physical security storage and has a built-in root of trust (RoT), through which storage is performed. The core codes also enjoy protection by the built-in SE, while OTA ensures process safety through secure communication and firmware verification.
Overall, WBR3N comes with multiple logical and physical protection layers such as metal shielding, end-to-end encryption, memory encryption, and tampering detection, able to effectively fend off various advanced attack methods such as power analysis and fault attack.
Aside from enhanced hardware security capabilities, Tuya Smart has also announced the release of Tuya Sage, an IoT security operation platform, at CES 2022. The solution is designed to help developers identify and eliminate potential security risks of the IoT system and ensure security and compliance during system operations.
Shared security responsibility is the fundamental principle of IoT security. Shared security means that cloud providers are responsible for protecting cloud security. At the same time, developers are responsible for the security of the applications, data, and resources that use and access the cloud. In practice, many developers lack a holistic sense of global smart terminals’ security and compliance status, a challenge that industry experts are looking for solutions to address.
With Tuya Sage, developers have oversight of all protected devices, including their basic security information and risk status. Once a device encounters an attack, the developer can complete the risk interception in just one click. Through real-time threat intelligence, Tuya Sage can identify local vulnerabilities in smart terminals in a timely and effective manner, allowing developers to fully understand the security and privacy compliance status of the terminal and whether there is any non-compliant user data flow so that it can be rapidly addressed.
In recent years, Tuya Smart has spared no effort in advancing platform and technology-related security and compliance and proactively conducting third-party data security certifications to meet the varying security needs of customers around the globe. This unique ability to meet the varying security needs of customers worldwide puts Tuya Smart in a unique position as a leading global IoT development platform service provider.
According to the public information, Tuya Smart has obtained several third-party data security certifications, including BSI’s ISO27001 standard for information security system, ISO27017 standard for cloud security management system, ISO27701 standard for cloud platform privacy and security, and the CSA STAR cloud security certification. In terms of regional compliance, Tuya Smart has passed Ernst & Young’s SOC 2 Audit and TrustArc’s GDPR and CCPA’s regional compliance validation. The Company is also a recipient and member of TrustArc’s Enterprise Privacy Certificate (EPC).
When it comes to product safety standards, Tuya Smart has passed TÜV SÜD’s EU ETSI standard for cybersecurity in IoT, as well as the most Alliance’s hardware safety certification in 2021. The Company has also partnered with Rapid7, wizlynx group, ScienceSoft, UnderDefense, and Kaspersky to conduct tests of platform service security vigorously.
In the long list, TrustArc and Ernst & Young are the most credible third-party organizations invalidating or auditing security and compliance. With the proactive approach to certification and security cooperation, it is safe to say that Tuya Smart is a firm that attaches the greatest importance to safety and compliance.
At this year’s CES, manufacturers, developers, and suppliers are eager to present fresh electronics. But as consumers look to new electronics to bring into their homes, one of the features they will increasingly look for is trust and security assurance. It cannot be ignored that security is the guardian and foundation for all software and hardware products. This year the new offerings from Tuya Smart are a solid contribution to security for the IoT industry.
About Tuya Smart
Tuya Smart (NYSE: TUYA) is a leading technology company focused on making our lives smarter. Tuya does this by offering a cloud platform that connects various devices via the IoT. Tuya bridges the intelligent needs of brands, OEMs, developers, and retail chains across a broad range of smart devices and industries by building interconnectivity standards. Tuya solutions empower partners and customers by improving the value of their products while making consumers’ lives more convenient through technology. Through its growing commercial SaaS business, Tuya offers intelligent business solutions for a wide range of verticals. The Company’s platform is backed by industry-leading technology, complete with rigorous data protection and security. Tuya partners with leading Fortune 500 companies worldwide to make things smarter, including Philips, Schneider Electric, Lenovo, and many others.