Bonn, February 13, 2018
Smart homes take over many mundane tasks, making our lives easier and more convenient. The top priority for smart home users, however, is providing high quality security for their homes and personal data. For the fourth year in a row, QIVICON, Deutsche Telekom's white-label, manufacturer-independent smart home platform, has been certified as "secure" (01/2018) by the AV-TEST testing organization. Based on open standards and partnerships, QIVICON encompasses a broad ecosystem of devices, and has a strong emphasis on data security and privacy.
Security as a key element of smart home platforms
Splendid Research, a market-research institute, has discovered that over half of all smart home owners are concerned about threats to their privacy. "For us, as providers of smart home products, this result is a good indication of the need to regularly review the security of our solutions," notes Thomas Rockmann, head of Connected Home. "This is why we again commissioned AV-TEST GmbH, an independent testing institute, to review the security of our QIVICON smart home platform and our SmartHome app."
The most important questions with regard to security in a smart home context are a) Are all connected devices and integrated systems sufficiently protected against unauthorized third-party access? and b) What happens with data collected during installation and use of smart home systems?
QIVICON's multi-layer security concept
A multi-layer security concept covers all components of Deutsche Telekom's range of smart home products and systems, and customers can rest assured that the concept prevents tampering and supports secure communication. What's more, data privacy and protection of personal data are also assured as the platform processes only data of direct relevance to system operation, and Deutsche Telekom emphasizes "data economy" as a general principle.
The heart of a QIVICON-system smart home is the QIVICON "Home Base." The Home Base is the central unit via which users control all connected devices in their smart homes. Alternatively, a Speedport Smart router from Deutsche Telekom can also serve as the control unit for Magenta SmartHome products. The only data that is stored on a Home Base or Speedport Smart consists of data for connected devices, such as: device numbers, status (on/off), and sensor data; log files for error analysis; and of individually customized automated processes. Status data and log files are deleted automatically after defined periods. No personal data, such as names, addresses, or customer numbers, are saved on Home Base or Speedport Smart units. Passwords for local access are stored only in encrypted form (protected by hash algorithms).
Personal data belonging to Magenta SmartHome users is stored on certified, high-security Deutsche Telekom servers located in Germany. The servers conform to Germany's strict data privacy and data protection laws, and undergo regular, comprehensive security audits. In such audits, security experts use specially designed attack scenarios to check systems for security vulnerabilities.
Secure encryption is a minimum standard for smart homes using Magenta SmartHome – all communication between a) Home Bases and Speedport Smart routers and b) security servers is encrypted with strong algorithms. Communication between individual devices and Home Bases or Speedport Smart routers conforms to wireless standards with state-of-the-art security functionality. The supported wireless standards include ZigBee, HomeMatic, Homematic IP, DECT ULE and IP. As a result, Magenta SmartHome users are well protected against the threat of hacker attacks. This has been confirmed by AV-TEST's 2018 smart home test rating.
The 2018 AV-TEST security test in detail
The test confirmed that QIVICON platform systems use secure authentication both within their local networks and in app-based remote access. All connections are protected and encrypted via the Transport Layer Security (TLS) 1.2 protocol; this prevents unauthorized reading and manipulation of data. QIVICON-platform systems are also well protected against "man-in-the-middle" attacks, in which attackers secretly acquire control over data traffic between the Home Base and connected devices.
AV-TEST's team examined the QIVICON Home Base 2 in combination with the Magenta SmartHome App for Apple and Android devices. The devices communicated with the Home Base via wireless IP.
The testers praised the platform's data privacy and data protection standards. The QIVICON platform met the AV-TEST certification program's security requirements, with a test result of "secure," and was certified as an "approved smart home product."
Deutsche Telekom AG
Tel.: +49 (0) 228 181 – 49494
Further information for the media: