11 May 2017 — The LG webOS 3.5 smart TV platform was recognized with a Common Criteria (CC) certification for its enhanced Application Security Solution Version 1.0 software.
By snagging another internationally-recognized security certification, LG continues to demonstrate that its smart TVs are among the strongest when it comes to smart TV security. The recognition comes at a time when consumers are increasingly concerned about the potential of privacy breaches on their Internet-connected devices.
Security Manager, the webOS 3.5 security software module, was tested in accordance with Common Criteria’s rigid benchmarks. CC’s internationally-recognized ISO/IEC 15408 standards are used by governments, banks, and other organizations to assess the security capabilities of individual products including 27 member countries from around the world including Australia, France, Japan, Korea and the United States.
The test examined three phases of smart TV security: application installation protection, application execution protection and application content protection with digital rights management (DRM) encryption.
LG webOS 3.5 Smart TV
LG webOS 3.5 provides excellent application installation protection and blocks the installation of unauthorized apps by conducting a rigorous digital signature verification process.
The LG App Store server oversees the digital signature generation process to ensure that webOS 3.5 installs applications downloaded only from the LG App Store. LG webOS 3.5 also delivers protection depending on the type of application – platform apps (also known as native apps) or web apps.
For native apps, webOS 3.5 implements sandboxing technology according to each application’s security attributes to block access to unauthorized system directories/files, device files and other data. LG webOS 3.5 allows web applications to use only approved application programming interfaces (API) to prevent these web apps from directly accessing sensitive information in the file system.
In addition, the latest webOS offers a powerful DRM license verification process designed to decrypt the encrypted content inside RAM (random-access memory) and to create a clean backup of encrypted content in flash memory.