LG’s webOS 3.5 smart TV platform was recognized with a Common Criteria (CC) certification for its enhanced Application Security Solution Version 1.0 software. The recognition comes at a time when consumers are increasingly concerned about the potential of privacy breaches on their Internet-connected devices.
Security Manager, the webOS 3.5 security software module, was tested in accordance with Common Criteria’s rigid benchmarks used by governments, banks, and other organizations to assess the security capabilities of individual products including 27 member countries from around the world including Australia, France, Japan, Korea and the United States.
“We have taken every possible step to ensure that webOS 3.5 offers excellent application protection and the highest level of privacy security,” said J.H. Hwang, senior vice president and head of R&D at LG’s Home Entertainment Company. “Consistent with customers’ concerns over product security issues, we have enhanced the security of our smart TV platform. Certification by Common Criteria confirms that we’re on the right track when it comes to customer privacy and data protection.”
The test examined three phases of smart TV security: application installation protection, application execution protection and application content protection with digital rights management (DRM) encryption.
LG webOS 3.5 provides excellent application installation protection and blocks the installation of unauthorized apps by conducting a rigorous digital signature verification process. The LG App Store server oversees the digital signature generation process to ensure that webOS 3.5 installs applications downloaded only from the LG App Store.
LG webOS 3.5 also delivers protection depending on the type of application – platform apps (also known as native apps) or web apps. For native apps, webOS 3.5 implements sandboxing technology according to each application’s security attributes to block ac-cess to unauthorized system directories/files, device files and other data.
LG webOS 3.5 allows web applications to use only approved application programming interfaces (API) to prevent these web apps from directly accessing sensitive information in the file sys-tem. In addition, the latest webOS offers a powerful DRM license verification process designed to decrypt the encrypted content inside RAM (random-access memory) and to create a clean backup of encrypted content in flash memory.
