min reading time
In parallel with the explosive development of digitalization and online work, worrisome statistics regarding cyberattacks are expanding yearly. The outbreak of the pandemic in 2020 significantly increased the wireless security risk and contributed even more to the success of cybercriminals, as many companies had to switch to the home office or hybrid work model almost overnight without any preparation.
Cybercriminals use increasingly advanced methods and sophisticated solutions to find security gaps and vulnerabilities in a variety of ways. The widely used wireless devices and the sensitive data shared through these products provide a large potential area for malicious attacks. Jabra recognized this problem and was the first in the world to obtain Common Criteria certification for two types of wireless headset devices.
In our article below, we introduce the potential cyber dangers wireless devices - including headsets - are exposed to, as well as the benefits that Common Criteria evaluation and certification can bring to manufacturers of such products.
The ever-increasing number of cyberattacks worldwide poses a huge challenge to all sectors. “Cyberattacks increased by 42% in the first half of 2022 compared to the same period in 2021.” “Approximately 15 million data records were exposed globally due to data breaches in the third quarter of 2022. This amount has climbed by 37 percent compared to the previous quarter.”- just to mention some of the latest statistics.
Today, cybercriminals have extremely advanced and diverse technology with which they can easily uncover security gaps and vulnerabilities. Systems and IT products that are not properly secured can easily fall victim to a malicious attack. Wireless devices are no exception.
Wireless devices connected to the network via Bluetooth or other technology make our life and work easier in countless ways. Unprotected and cybersecurity-untested devices, however, represent a significant potential source of danger for users.
The COVID-19 pandemic has multiplied the number of hybrid and remote workplace models. As a result, online work has grown enormously. A significant part of corporate processes has moved into the digital space, including managing finances and sharing confidential company data. According to this, securing the communication channels as well as the devices used, (including wireless devices such as headsets and microphones) are critical when installing the proper cybersecurity infrastructure.
The most common attacks of Bluetooth devices:
Wireless headphones are in daily use in homes and workplaces but are often overlooked when it comes to cybersecurity. The most common potential risks of headphones and headphone software include:
The Common Criteria for Information Technology Security Evaluation (ISO 15408) is a framework of globally recognized and scalable cybersecurity certification standards. A Common Criteria (CC) certification assures that an IT product or system was defined, implemented, and evaluated in a rigorous, standard, and repeatable manner at a level appropriate for the intended environment. All CCRA member nations recognize Common Criteria certificates which currently means 31 countries.
Although Common Criteria certification is not mandatory for wireless devices; it provides the manufacturer with a significant advantage over its competitors in addition to making the product more secure.
The Danish company Jabra - which specializes in audio equipment and more recently video conferencing systems-, exploited this opportunity when it got its headphones evaluated against the Common Criteria standards this year.
The spread and frequent use of wireless headphones and headsets become a huge risk for business owners, employees, and consumers during business or private talks where critical information and data are transmitted. Jabra addresses these difficulties head-on with its ASD-certified DECT Engage devices, giving a secure solution for any company or IT department to deploy into places where conversations are sensitive and require deeper security.
In August 2022, Jabra's Engage 65 and Engage 75 DECT wireless headphones got successfully certified by the Australian Certification Authority (ACA) of the Australian Signal Directorate (ASD).
The devices were evaluated and certified at the Evaluation Assurance Level (EAL) 2 by the Australian government's Common Criteria Evaluation and Certification Program. With this, Jabra’s products are the first (and at the moment only) secure headsets on the Common Criteria's Certified Products List.
With the increase in cyber attacks, there is a clear growth in the demand for proven secure systems and devices both from the reseller and end-user side. In other words, those manufacturers who cannot prove the security of their products will certainly remain at a disadvantage against their competitors in the future.
With the drastic increase in digitalization and online work, the risks, possible security gaps, and vulnerabilities of wireless devices (particularly headsets and speaker phones) have come to the fore.
Obtaining Common Criteria certification, therefore, is recommended for manufacturers, who want to maintain or even increase the trust of their customers as well as gain a significant competitive advantage in the market, while also making their wireless devices more secure.
At CCLab, we are prepared to support you throughout the entire process using our extensive experience and industry-leading agile process in Common Criteria evaluations. Besides the assessment, we offer consultation services to assist you to plan for the project so that you may avoid delays and excessive costs throughout the Common Criteria certification process.
Reach out to us regarding your Common Criteria evaluation project and let's discuss the details.
Learn everything you need to know for a successful Common Criteria evaluation project. Save costs and efforts with your checklist.
Download our ETSI EN 303 635 infographics today and learn about the product certification process for this consumer IoT device cybersecurity standard.
In the cybersecurity landscape, the Common Criteria Evaluation Assurance Level (EAL) is a critical factor in determining the security posture of a product. The EAL chosen for a product can significantly impact its security measures, evaluation processes, and user trust. This article delves into the importance of selecting the right EAL and the consequences of misjudgment and provides a step-by-step guide to aid in this crucial decision-making process.
min reading time
Ensuring the trustworthiness of IT products and systems is essential for users and the broader digital ecosystem. One critical aspect of this assurance comes from the evaluation and certification processes defined by the Common Criteria Protection Profile (CC PP) library. In this article, we delve into the significance of Protection Profiles in the certification process and explore some of the most common profiles contributing to information security's robustness.
min reading time
The annual International Conference on Common Criteria (ICCC) stands as a high-level technical conference. Celebrating its 21st year, this event provides a platform for professional networking and discussion forums on CC policy and implementation for those involved in the specification, development, assessment, certification, and validation of IT security for products and systems.
min reading time