FAQ

Common FAQ

Technical FAQ

Tracksolid FAQ

NIST8259 FAQ

Please describe the method to prevent any entity from editing the logs.

Setting the properties of the database to read-only permissions, and the unauthorized users cannot log in and modify data.

Has an established IoT platform been used instead of acquiring and integrating individual hardware and software components?

The equipment development is based on Android go, and the cloud service is built on the Ali cloud platform. Using these existing mature hardware or software components will help reduce security threats.

Are any of the device cybersecurity capabilities hardware-based?

The device uses a hardware true random number generator (TRNG) to generate a true random number as the ROOT_KEY, and then save the ROOT_KEY in efuse.

Does the hardware, firmware, or software (including the operating system) include unneeded device capabilities with cybersecurity implications? If so, can they be disabled to prevent misuse and exploitation?

The source code is compiled and burned to the device; source code is not involved during the use of the device. The debug interface has been closed, and unauthorized users cannot access it. JIMI developers use Git to control source code of the device, and it implement session control, access control, all these functions can protect device code from unauthorized access and tampering.

How is IoT device code protected from unauthorized access and tampering?

The source code is compiled and burned to the device; source code is not involved during the use of the device. The debug interface has been closed, and the unauthorized users cannot access it. Jimi developers use Git to control source code of the device, and it implement session control, access control, all these functions can protect device code from unauthorized access and tampering.

How can customers verify software integrity for the IoT device?

The user does not need to verify the integrity of the device software, and the integrity is guaranteed by the device itself.

What verification is done to confirm that the security of third-party software used within the IoT device meets the customers’ needs?

Manually source code reviewing to ensure the safety of third-party components.

What measures are taken to minimize the vulnerabilities in released IoT device software?

1. Turn off unnecessary network and logical interfaces. 2. Prohibit network interfaces from leaking security-related information. 3. Disable network/ADB debug interfaces.

What measures are taken to accept reports of possible IoT device software vulnerabilities and respond to them?

We can receive possible vulnerability reports through Jimi IoT Security Centre (https://www.Jimilab.com/security/) and provide relevant information to the reporter.

What processes are in place to assess and prioritize the remediation of all vulnerabilities in IoT device software?

JimiIoT security team will evaluate the severity of all collected vulnerabilities, and determine the processing priority level based on the risk assessment results of the vulnerabilities in the product, and response to and repair the vulnerabilities in a timely manner according to the priority level to prevent the vulnerability from being maliciously exploited and affecting users.