null

Product-Security

We are vigilant about securing your connected appliance.


We are vigilant about securing your connected appliance.


With all of our brands, we are keenly aware of the need to protect your appliance and data. Steps are taken during all aspects of the development, manufacturing, and maintenance of your appliance using industry standard security methodologies - similar to online banking and other electronic commerce. We regularly test and evaluate to ensure these industry standard security practices are met. Your connected appliance may be updated via Internet connection to keep your appliance and data secure.

WE BUILD APPLIANCES AROUND THESE CORE SECURITY VALUES

Security by Design
and Default

Security is ingrained in our business culture and in the way we developed your connected appliance. It’s a business policy that security is "built-in" to every aspect of our process. It's built-in during all phases of development, manufacturing, and maintenance. Your appliance is secure without user configuration or specific router settings.

Read more about security by design and default

Security by Design

Security controls to protect appliance data, user authentication and authorization, and how the system will be securely maintained are integrated into the functional features of the appliance. The software meets industry best practice coding standards and is developed by the Test-Driven Development software method. Any third-party and open source software is analyzed for security and the safety of your appliance and data.

Prior to deployment, the appliance undergoes extensive software security and performance testing. Security penetration testing on the connected system and its components–the appliance, mobile app, and cloud—is done regularly post-deployment. Software updates are released to ensure the appliance has the latest security code to protect your appliance and data.

Security by Default

Every connected appliance has all security features enabled when the appliance is first connected. No need for any special configurations or specific router settings needed.

Your appliance connects to your Wi-Fi router using the WPA2 network security protocol. The appliance does this even if your router is not set to this configuration. That’s just one example of how Security by Default is engineered into your appliance.

Defense
In Depth

Every component of our connected appliance ecosystem has security controls that provide independent redundancy to protect against malicious attacks.

Read more about Defense in Depth

We ensure security controls are implemented in layers for data protection at rest and in transit. This layered approach strengthens the security of our entire ecosystem. We are continuously testing and reviewing the security systems, if needed, these layers can be updated and improved by software patches.

Security by
Transparency

Our security controls and methodologies are industry standard. Our goal is to communicate our actions with openness and accountability. We are industry leaders in IoT security and promote transparency to help educate our owners. Reach out to us if you have any questions or concerns. Please see below under our RATINGS AND AWARDS section for current evaluations of our appliance products.

Read more about Security by Transparency

We ensure these best practices are applied to your appliance and its IoT ecosystem through regular penetration testing. We work with ethical hackers and security researchers to evaluate the security of your smart appliance and system through third-party evaluations.

Security is ingrained in our business culture and in the way we developed your connected appliance. It’s a business policy that security is "built-in" to every aspect of our process. It's built-in during all phases of development, manufacturing, and maintenance. Your appliance is secure without user configuration or specific router settings.

Read more about security by design and default

Security by Design

Security controls to protect appliance data, user authentication and authorization, and how the system will be securely maintained are integrated into the functional features of the appliance. The software meets industry best practice coding standards and is developed by the Test-Driven Development software method. Any third-party and open source software is analyzed for security and the safety of your appliance and data.

Prior to deployment, the appliance undergoes extensive software security and performance testing. Security penetration testing on the connected system and its components–the appliance, mobile app, and cloud—is done regularly post-deployment. Software updates are released to ensure the appliance has the latest security code to protect your appliance and data.

Security by Default

Every connected appliance has all security features enabled when the appliance is first connected. No need for any special configurations or specific router settings needed.

Your appliance connects to your Wi-Fi router using the WPA2 network security protocol. The appliance does this even if your router is not set to this configuration. That’s just one example of how Security by Default is engineered into your appliance.

Defense In Depth

Every component of our connected appliance ecosystem has security controls that provide independent redundancy to protect against malicious attacks.

Read more about Defense in Depth

We ensure security controls are implemented in layers for data protection at rest and in transit. This layered approach strengthens the security of our entire ecosystem. We are continuously testing and reviewing the security systems, if needed, these layers can be updated and improved by software patches.

Security by Transparency

Our security controls and methodologies are industry standard. Our goal is to communicate our actions with openness and accountability. We are industry leaders in IoT security and promote transparency to help educate our owners. Reach out to us if you have any questions or concerns. Please see below under our RATINGS AND AWARDS section for current evaluations of our appliance products.

Read more about Security by Transparency

We ensure these best practices are applied to your appliance and its IoT ecosystem through regular penetration testing. We work with ethical hackers and security researchers to evaluate the security of your smart appliance and system through third-party evaluations.

RATINGS AND AWARDS

We are proud to have achieved the Gold verification level for UL’s IoT Security Rating. We are the first household appliance company to have a full suite of connected appliances and the first to earn this rating. After a thorough evaluation, we demonstrated Gold Level security capabilities that align to industry best practices. This recognition validates our long-standing commitment to consumer data protection, transparency and investment in security, and further demonstrates our cybersecurity capabilities to our retailers, and regulators while providing peace of mind to our consumers. For a complete list of our appliances evaluated under this rating, please visit here.

GE Appliances was recognized for IoT Security innovation with the 2020 Cybersecurity Breakthrough Award for the IoT Device Security Solution of the Year.

GE Appliances was recognized for IoT Security innovation with the 2020 Cybersecurity Breakthrough Award for the IoT Device Security Solution of the Year.

QUESTIONS ABOUT SECURITY

We are committed to answering your questions or any concerns you may have. With all of our brands, our goal is to ensure your satisfaction, while offering the highest levels of professional service. For security pointers on configuring your home router, good security Internet hygiene, and keeping your devices up to date, please read our Smart Home Security Guidance section below. If this does not address your needs, please call our support line.

Connected Home Support Line
1-800-220-6899
Monday – Friday: 9 a.m. – 11 p.m. ET
Saturday – Sunday: 9 a.m. – 3 p.m. ET

Or email us at: connected@help.geappliances.com

Or, if you have a specific security concern or believe you have found a security vulnerability with one of our connected appliances, please contact the GE Appliances Product Security Incident Response Team (GEA-PSIRT) by emailing them at: GEAppliancesProductSecurity@geappliances.com.

GEA-PSIRT supports PGP encryption using the GE Appliances Connected Home PGP Key to encrypt your email. In your email, please include the following information:

    • Appliance Product Name(s), Model(s), and Serial Number(s)
    • The information on your Connected Appliance Information sticker
    • Description of the concern or vulnerability
    • Information to help GEA-PSRIT to replicate the issue, such as configuration details, a proof-of-concept, or exploit code
    • Whether or not you would like to be contacted in case more information is needed, and
    • Whether or not you would like to be acknowledged in helping us to improve our products. Should you choose to remain anonymous, GEA-PSIRT will not publicly disclose your identity. Maintaining your privacy is important and we will not publicly disclose your identity unless you inform us otherwise.

GEA-PSIRT will respond if further information is needed to investigate a security issue. Please note, GE Appliances does not disclose, discuss, or confirm any security issue until a full investigation is complete and any necessary press releases, security patches, and releases are available.

We acknowledge security researchers who have selected not to opt-out and who have reported security issues on all our brands of appliances through contacting GEA-PSIRT on the GE Appliances Connected Home Security Researchers Credit Page.

We are committed to answering your questions or any concerns you may have. With all of our brands, our goal is to ensure your satisfaction, while offering the highest levels of professional service. For security pointers on configuring your home router, good security Internet hygiene, and keeping your devices up to date, please read our Smart Home Security Guidance section below. If this does not address your needs, please call our support line.

Connected Home Support Line
1-800-220-6899
Monday – Friday: 9 a.m. – 11 p.m. ET
Saturday – Sunday: 9 a.m. – 3 p.m. ET

Or email us at: connected@help.geappliances.com.

Or, if you have a specific security concern or believe you have found a security vulnerability with one of our connected appliances, please contact the GE Appliances Product Security Incident Response Team (GEA-PSIRT) by emailing them at: GEAppliancesProductSecurity@geappliances.com.

GEA-PSIRT supports PGP encryption using the GE Appliances Connected Home PGP Key to encrypt your email. In your email, please include the following information:

    • Appliance Product Name(s), Model(s), and Serial Number(s)
    • The information on your Connected Appliance Information sticker
    • Description of the concern or vulnerability
    • Information to help GEA-PSRIT to replicate the issue, such as configuration details, a proof-of-concept, or exploit code
    • Whether or not you would like to be contacted in case more information is needed, and
    • Whether or not you would like to be acknowledged in helping us to improve our products. Should you choose to remain anonymous, GEA-PSIRT will not publicly disclose your identity. Maintaining your privacy is important and we will not publicly disclose your identity unless you inform us otherwise.

GEA-PSIRT will respond if further information is needed to investigate a security issue. Please note, GE Appliances does not disclose, discuss, or confirm any security issue until a full investigation is complete and any necessary press releases, security patches, and releases are available.

We acknowledge security researchers who have selected not to opt-out and who have reported security issues on all our brands of appliances through contacting GEA-PSIRT on the GE Appliances Connected Home Security Researchers Credit Page.

SMART HOME SECURITY GUIDANCE

Our Smart Home appliances are designed to deliver a connected home experience while protecting your data. The installation/configuration of these products involves other computer products in your home, such as a smart phone, tablet, and Wi-Fi network. This guide lists tips and best practices regarding security aspects of these devices.

Our Smart Home appliances are designed to deliver a connected home experience while protecting your data. The installation/configuration of these products involves other computer products in your home, such as a smart phone, tablet, and Wi-Fi network. This guide lists tips and best practices regarding security aspects of these devices.

1.  Choose a unique SSID (NETWORK NAME)

If your SSID is not unique, GE Wi-Fi appliances may have trouble identifying your network or automatically connecting to your network.

2.  Change the default administrator password on your home wireless network

Not changing the default administrator password on your home router increases your security risk.

3.  Use WPA2 encryption on your home wireless network

The four most common home wireless network configurations are: Open, WEP, WPA, and WPA2. Choose WPA2 for the highest level of protection. Open (or unsecured mode) does not provide authentication or encryption. If you use this security mode, anyone in close proximity to your Wi-Fi network will be able to join your network, use your Internet connection, and access any shared resources. In addition, they will be able to read much of the data you send over the network. For these reasons, this Wi-Fi mode is highly discouraged. WEP (Wired Equivalency Protocol) provided protection through encryption when it was first introduced in 1999. Unfortunately, tools are now commonly available that allow an attacker to break into a WEP network in a matter of minutes. For this reason, WEP should also be avoided. As one of the most robust forms of security offered by Wi-Fi products today, WPA2 (Wireless Protected Access) is strongly recommended. When using WPA2, both TKIP (Temporal Key Integrity Protocol) and AES (Advanced Encryption Standard) options are typically available. While TKIP is still widely considered secure, the AES option is preferred. Please refer to your router manufacturer's documentation or contact your local computer/network service provider for help ensuring that your Wi-Fi network is adequately secured.

4.  Choose a strong password

It is suggested that strong passwords be used, conforming at a minimum to the following rules:

    • At least eight characters long
    • Does not contain your name, email address, or other personal identification
    • Does not contain a complete word
    • Contains characters from all of the following four categories:
        • Uppercase Letters
        • Lowercase Letters
        • Numbers
        • Symbols found on the keyboard

It is further recommended to use passphrases for passwords. Passphrases are typically easier to remember and can meet all of the recommended length and character category requirements.

5.  Be careful on using password keepers

Although convenient, it is recommended to not use them at all. Use passphrases for passwords as they tend to be easier to remember.

6.  Be careful what you click

Review the URL before you click and go to known and trusted Internet sites. If the URL looks funny, do not click it. A lot of untrusted URLs are variants of trusted ones, with words that at first glance seem they are spelled correctly but actually are not. Be sure and review the URL address completely.

7.  Be careful on opening email attachments or attachments contained on the internet site

Verify the source that sent you the attachment before you open it. If you cannot verify the source, don't open the attachment.

8.  Security patching

Keep your smart phone(s) and tablet(s) up to date with security patches provided by the manufacturer. Please refer to your device's operating system and software application manufacturers for appropriate guidance.

9.  Smart phone and tablet password protection

Ensure that your smart phone and tablet always has a screen lock password and is set to automatically enter a locked state after a short period of inactivity.

10.  Separate networks

Security experts recommend creating separate and secure networks dedicated for your IoT devices that are separate from your network used for banking or e-commerce activities or that which handles your most private and sensitive data. You can further segregate your networks based on the IoT device itself. There are two methods for this when using one Internet connection, (1) using one router and set up a “guest access” or a “guest network” within the router settings or (2) use separate routers paired with your Internet connection. If you choose to set up a guest network, ensure the password for the guest network is strong and, if available, ensure that access to local network resources is turned off, this may also be called “isolate”.