Consumers have become accustomed to all sorts of labels and seals of approval on products in the shopping process, from the Energy Star to sustainability standards. Next up, shoppers should prepare for a hacking-safe seal of approval in the works for home gadgets and appliances coming from the federal government.

Last July, the Biden administration and the Federal Communications Commission proposed the creation of the U.S. Cyber Trust Mark program, a voluntary cybersecurity product-labeling initiative to help consumers choose internet-connected devices that are certified by manufacturers as safe from hackers, scammers and other cyber criminals.

The final details are still to be determined, but as proposed, the program will require participating manufacturers of smart, internet of things (IoT) devices — including doorbell cameras, voice-activated speakers, baby monitors, TVs, kitchen appliances, thermostats and fitness trackers — to meet a series of cybersecurity standards developed by the National Institute of Standards and Technology (NIST). That includes unique passwords, data protection, software patches and updates, and incident detection capabilities.

Not included in the program, as it now stands, are smartphones, personal computers, routers and certain internet-connected medical devices, such as smart thermometers and CPAP machines, which are protected by Federal Drug Administration regulations. Also excluded are motor vehicles and the data stored in them, which are overseen by the National Highway Traffic Safety Administration, and where data privacy concerns have been rising.

The program will rely on public-private collaboration, with the FTC providing oversight and enforcement, and approved third-party label administrators managing activities such as evaluating product applications, authorizing use of the label and consumer education. Compliance testing will be handled by accredited labs.

Packaging for products that meet the criteria will carry a U.S. Cyber Trust Mark shield logo emblazoned with a QR code that consumers can scan on a smartphone to receive detailed, up-to-date security information about that particular device. “Just like the Energy Star logo helps consumers know what devices are energy efficient, the Cyber Trust Mark will help consumers make more informed purchasing decisions about device privacy and security,” said FCC chairwoman Jessica Rosenworcel.

To date, Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech and Samsung Electronics have committed to the program, though none of those companies has yet used the symbol.

Holiday season labeling is goal, but an unlikely one

In March, the FCC voted to approve the program, aiming to launch it later this year. During a cybersecurity panel discussion in May at Auburn University’s McCrary Institute in Washington, Nicholas Leiserson, the White House’s assistant national cyber director for cyber policy and programs, said, “You should hopefully, by the holiday season, start to see devices that have this [Cyber Trust Mark] on it.”

Despite the administration’s best intentions, however, consumers shouldn’t expect to see products bearing the symbol until early next year, at the soonest. In an email asking about the timeline for the launch, an FCC spokesperson did not provide any specific dates.

“We are now in the process of standing up this comprehensive program as quickly as possible,” the spokesperson said. “It is currently undergoing the standard intergovernmental review process that is required for new rules of this sort. Once that process is complete, we will communicate publicly about next steps.”

In the meantime, manufacturers are also awaiting definitive rules, said David Grossman, vice president of policy and regulatory affairs for the Consumer Technology Association, which represents more than 1,000 tech companies. “Once a manufacturer receives certification for the Trust Mark, they will need additional time to retool their packaging, as well as shipping updated products from the manufacturer to retailers,” he said.

70 million U.S. homes actively using smart devices

While the program’s particulars are being hammered out, it’s worth looking at why consumers need the protection it will provide. In 2024, according to research firm Statista, nearly 70 million homes in the U.S. are actively using smart devices, up more than 10% from last year. That number is expected to reach 100 million homes by 2028. What’s more, the average U.S. household contains around 25 connected devices.

Many of those devices, as well as the Wi-Fi networks and routers that connect them, lack adequate security safeguards. A 2023 study by research firm Park Associates found that nearly 75% of U.S. households with internet service were concerned about the security of their personal data, while 54% reported experiencing a data privacy or security issue in the past 12 months, an increase of 50% over five years.

Staffers from Consumer Reports attended a White House meeting during which the Cyber Trust Mark program was announced. The organization subsequently conducted an American Experiences Survey that included questions about the program and the types of data-protection information consumers would like to have before purchasing a smart device.

About two-thirds of those polled (69%) said that it is very important to have information about who the collected data is shared with or sold to, and 92% said that such information is either very or somewhat important. Three out of four respondents said that it is the responsibility of the manufacturers of those devices to provide privacy and security information to consumers, while only 8% said the government is responsible.

“It is incredibly important to make a consumer-legible standard for IoT devices, because right now it is totally a Wild West,” said Stacey Higginbotham, a cybersecurity expert and writer for Consumer Reports. “Consumers really care about having this kind of information, so that’s why we need the program.”

Higginbotham cited the breadth of the proposed program for requiring more stringent levels of cybersecurity, not only for devices themselves, but also the internet services that connect them and the cloud networks where personal data is stored. She was glad, too, that it includes a guaranteed support timeframe, stipulating the number of years that a product maker will continue to provide software security updates and patches.

A voluntary program is business reality

One criticism is that the program is voluntary for manufacturers. “I would love to see this as a mandatory program,” Higginbotham said, “but the reality in the U.S. is that it will have to be a voluntary program,” she added, referring to the business community’s frequent pushback against government-mandated regulations.

“If you’re going to participate, you’re going to have to meet the requirements the FCC has established. Device manufacturers don’t want the agency dictating things such as the size of the Cyber Trust Mark on packaging or where exactly it has to be displayed,” Grossman said. “You want something that’s easily recognizable to consumers, but you also want to ensure manufacturers have flexibility.”

Grossman said that means companies may shy away from making the commitment if the final proposal is too prescriptive. “If the requirements are too burdensome, I don’t think that companies are going to be as eager to step up to the plate and participate,” he said.

Barry Mainz, CEO of Forescout Technologies, a cybersecurity provider, says he is a big fan of the Cyber Trust Mark. “It’s a good step in the right direction to making it a little bit more complicated to get into these devices,” he said. Nonetheless, he worries about the millions of IoT devices in people’s homes today that are vulnerable to cyberattacks and can’t retroactively get a label. “What responsibility do the companies creating these devices have?” he said. Some of the more popular products, like smart TVs and door locks, could be voluntarily upgraded by their manufacturers to prevent hacking as a goodwill measure, Mainz said, “so that people that couldn’t afford to go out and buy new things could ensure that they were safe.”

Steps to take now to protect your home internet

There are actions consumers can take right now, before the Cyber Trust Mark program kicks in, to harden their cybersecurity. Perhaps the most important components to focus on are the routers that wirelessly interconnect devices. They ship from manufacturers with a default password, which a hacker could change in order to spy on you or access files on a network-attached hard drive. Immediately create your own strong and unique password, not only for the router but also for each of the connected devices, and use two-factor authentication if available. If you have a guest network on the router, set it up with a separate password. Also be sure the router’s software is current, usually by activating the automatic update feature, though you can check the manufacturer’s website for patches that can be downloaded and installed.

Of course, you could take the Luddite approach and simply avoid all of this IoT technology and devices. But for the millions of consumers who embrace the smart home, the Cyber Trust Mark — once it’s in place — should provide a heightened measure of cybersecurity and keep them one step ahead, or at least in the race, with the bad guys.

French fintech Pennylane doubles valuation to $2.2 billion as Alphabet’s venture capital arm takes stake

French accounting software firm Pennylane has doubled its valuation to 2 billion euros ($2.16 billion) in a new 75 million euro funding round.

Pennylane told CNBC that it raised the fresh funds from a host of venture funds, with Sequoia Capital leading the round and Alphabet’s CapitalG, Meritech and DST Global also participating.

Founded in 2020, Pennylane sells what it calls an “all-in-one” accounting platform that’s used by accountants and other financial professionals.

The platform is primarily targeted toward small to medium-sized firms, offering tools for functions spanning expensing, invoicing, cash flow management and financial forecasting.

“We came in tailoring a product that looks a bit like [Intuit’s] QuickBooks or Xero but adapting it to the needs of continental accountants, starting with France,” Pennylane’s CEO and co-founder Arthur Waller told CNBC.

Pennylane currently serves around 4,500 accounting firms and more than 350,000 small and medium-sized enterprises. The startup was previously valued at 1 billion euros in a 2024 investment round.

European expansion

For now, Pennylane only operates in France. However, after the new fundraise, the startup now plans to expand its services across Europe — starting with Germany in the summer.

“It’s going to be a lot of work. It took us approximately five years to have a product mature in France,” Waller said, adding that he hopes to reach product maturity in Germany in a shorter time period of two years.

Pennylane plans to end the year on about 100 million euros of annual recurring revenue — a measure of annual revenue generated from subscriptions that renew each year.

“We are going to get breakeven by end of the year,” Waller said, adding that Pennylane runs on lower customer acquisition costs than other fintechs. “75% of our costs are R&D [research and development],” he added.

Pennylane also plans to boost hiring after the new funding round. It is looking to grow to 800 employees by the end of 2025, up from 550 currently.

‘Co-pilot’ for accountants

Like many other fintechs, Pennylane is embracing artificial intelligence. Waller said the startup is using the technology to help clients automate bookkeeping and free up time for other things like advisory services.

“Because we have a modern tech stack, we’re able to embed all kinds of AI, but also GenAI, into the product,” Waller told CNBC. “We’re really trying to build a ‘co-pilot’ for the accountant.”

He added that new electronic invoicing regulations coming into force across Europe are pushing more and more firms to consider new digital products to serve their accounting needs.

“Every business in France within a year from now will have to choose a product operator to issue and receive invoices,” Waller said, calling e-invoicing a “huge market.”

Luciana Lixandru, a partner at Sequoia who sits on the board of Pennylane, said the reforms represent a “massive market opportunity” as the accounting industry is still catching up in terms of digitization.

“The reality is the market is very fragmented,” Lixandru told CNBC via email. “In each country there are one or two decades-old incumbents, and few options that serve both SMBs and their accountants.”

TikTok reportedly stays on App Store after assurance from Attorney General Pam Bondi

Apple will keep ByteDance-owned TikTok on its App Store for at least 75 more days after receiving assurances from Attorney General Pam Bondi, according to a report from Bloomberg News.

This comes after President Donald Trump signed an executive order Friday to extend the TikTok ban deadline for the second time. TikTok will be banned in the U.S. unless China’s ByteDance sells its U.S. operations under a national security law signed by former President Joe Biden in April 2024.

AG Bondi wrote in a letter to Apple that the company should act in accordance with Trump’s deadline extension and that it would not be penalized for hosting the platform, according to unnamed sources cited in the report.

Apple did not respond to a request for comment.

After TikTok went briefly offline for U.S. users in January following the initial ban deadline, it remained unavailable for download in the App Store until Feb. 13. Apple had reinstated TikTok to its app store after receiving a similar letter of assurance from Bondi.

The extension comes days after Trump announced cumulative tariffs of 54% on China. Prior to the additional tariff rollout on April 2, the president said he could reduce duties on the country to help facilitate a deal for ByteDance to sell its U.S. operations of TikTok.

“Maybe I’ll give them a little reduction in tariffs or something to get it done,” Trump said during a press conference in March. “TikTok is big, but every point in tariffs is worth more than TikTok.”

For bitcoin bulls who self-custody crypto, the global risks are growing

Whether to buy cryptocurrency as a long-term holding may be the biggest decision an investor interested in digital assets has to make, but where to store crypto like bitcoin can become the most consequential.

Following the wildfires earlier this year in California, social media posts began to appear with claims of bitcoin losses, with some users showing metal plates intended to protect seed phrases burnt up and illegible or describing the complexity of recovering crypto keys stored in a safety deposit box in a bank impacted by the fires. While impossible to verify individual claims about fires consuming hard drives, laptops and other storage devices containing so-called hard and cold storage crypto wallets and seed phrases, what is certain is that bitcoin self-custody presents a unique set of security issues. And those risks are growing.

Holders of crypto typically use some form of what can be called a “wallet,” and there are a few main features – whether that wallet is connected to the internet, and how much control is directly embedded in the wallet for trades and transfers. There is also the underlying issue of whether a crypto investor uses a third party for custody at all, or maintains total custody and trading control over their holdings.

The standard third-party platform “hot wallet” – think of an offering from a Coinbase or Blockchain.com – is constantly connected to the internet. Cold storage and “cold wallets,” on the other hand, include hardware devices (like a USB stick) that hold private keys offline, or even just a seed phrase (a master recovery code, a collection of 12 to 24 words used to recover access to a crypto wallet) on paper/metal. Hardware wallets or offline backups of seed phrases can be used to access crypto when connected to the internet through another device.

With third-party custodial options, there are steps to help owners remain vigilant against the threat posed by cybercriminals who can gain access to an internet-connected platform, including the use of two-factor authentication, and strong passwords. The U.S. Marshals Service within the Department of Justice, which is responsible for asset forfeiture from U.S. law enforcement, uses Coinbase Prime to provide custody for its seized digital assets.

Many crypto bulls prefer to self-custody digital assets like bitcoin for some of the same reasons they are interested in cryptocurrencies to begin with: lack of faith in some forms of institutional control. Custodial wallets from crypto brokers trade convenience for the risk of exchange hacks, shutdowns, or fraud, as in the case of the high-profile implosion of FTX. And the wildfires are just one example in a recent string of global events that raise more questions about shifts in the crypto custody debate. There are the ongoing conflict in the Middle East and the Russia-Ukraine war, which have led crypto bulls from overseas to re-think their approach to self-custody.

Nick Neuman, co-founder and CEO of self-custody company Casa, said physical risks in the world like a natural disaster are an opportunity to revisit how bitcoin security works, and the common security lapses folded into most people’s practices. “Most people secure their bitcoin with one private key. If that key is on a single device or written down on paper as a seed phrase, it’s a single point of failure. If you lose that key, your bitcoin is gone,” he said.

It should be obvious that keeping seed phrases on paper offers the lowest level of protection against fire, yet it is common practice, Neuman said. Slipping these pieces of paper into fireproof bags or safes offers some protection, but not much, and even going the extra steps to have the seed phrases on “indestructible” metal storage plates presents a few failure points. For one, they might prove to be not so indestructible, and second, they may be impossible to locate amid the rubble.

“Logically, given the location of the fires in California and the stories being shared on X, it’s highly likely bitcoin was lost,” said Neuman. “Some of them are pretty convincing,” he said.

Casa performs annual stress tests on seed phrase backups.

Some self-custody services, like Casa, offer multi-signature setups that reduce the risks of single-point failure. A multi-key crypto “vault” can include mobile phone keys, multiple hardware keys, and a recovery key that a company like Casa holds on an owner’s behalf.

The multi-sig custody approach allows an owner to hold a majority of keys while a trusted partner holds a minority of keys. John Haar, managing director at Swan Bitcoin, says that in such a setup, the owner would need to lose all the physical devices and all copies of the seed phrases at the same time. As long as the owner can access at least one device or one seed phrase, they would be able to recover their bitcoin. This approach should significantly limit the potential for all of the devices to be lost in an event like a natural disaster, Haar said.

“You can spread these keys across multiple regions or even countries, and you need any three of the five keys to approve a bitcoin transaction,” Neuman said of Casa’s five-key approach.

Jordan Baltazor, chief administrative officer at Fortress Trust, a regulated crypto custodian, says best practices that we use in other areas of personal life should apply to cryptocurrency. For one, diversification of storage approach and weighing of risks. Digital assets are no different, he says, when it comes to backing up personal and sensitive data on the cloud to ensure data against loss or corruption.

Companies including Coinbase and Jack Dorsey’s Block offer products that try to merge some of these ideas, creating a more secure version of a crypto wallet that remains convenient to use. There is Coinbase Vault, which includes enhanced security steps before a user can access crypto holdings for trading. And there is Coinbase Wallet and Block’s Bitkey, which have mobile apps that work like a traditional wallet making moving bitcoin around easy, but with the ability to pair with hardware wallets and added security more commonly associated with cold storage.

Bitkey hardware requires multiple authorizations for transactions for added security, similar to “multi-sig wallets.” Bitkey also offers recovery tools so one of the biggest risks of self-custody — losing codes or phrases needed to recover a cold wallet — is less of an issue.

Solutions like Dorsey’s may help to solve the tension between convenience and security; at minimum, they underline that this tension exists and will likely be something of a roadblock to more widespread crypto adoption. Beyond the risks out there in the form of wildfires, all kinds of natural disasters, and wars, bitcoin self-custody can be vulnerable to the biggest personal risk of all: unexpected death of the bitcoin owner. There is arguably nothing more complicated than inheritance when it comes to unlocking the crypto chain of custody.

Coinbase requires probate court documents and specific will designations before releasing funds from custody, while physical wallets offer little to no support, potentially leaving all that digital value stuck on a private key. Bitkey rolled out its inheritance solution in February for what a Bitkey executive called, “kind of a multibillion-dollar problem waiting to happen.”

“People who have a material investment in bitcoin absolutely need to be thinking differently about how to protect it,” Neuman said. He says that after disasters like the California wildfires, or when exchanges go bust like FTX, the industry does see more crypto holders taking action to move to more secure storage setups. “I suppose it’s human nature to wait until ‘bad things happen’ to spur action to improve your own personal situation,” he said. “But I think people would be better off if they were more proactive. Otherwise, they risk having that ‘bad thing’ happen to them, and then it’s too late,” he said.
