Home > News > featured news > Xiaomi Strengthens Its Position on Consumer IoT Security with Proposed Global Common Standards

SECURITY

Xiaomi Strengthens Its Position on Consumer IoT Security with Proposed Global Common Standards

Xiaomi Corporation | January 18, 2022

Xiaomi, a consumer electronics and smart manufacturing company that established the world's leading consumer AIoT (AI+IoT) platform, has published a new set of proposed global standards to support and reassure consumers about the security of their data while using IoT products.

The guideline entitled "Cyber Security Baseline for Consumer Internet of Things Device Version 2.0" *[1] aims to protect security and user privacy with a comprehensive set of requirements covering guidelines from device hardware, device software to device communication. It also states the requirements on data security and privacy, which include communication security, authentication and access control, secure boot, data deletion, etc. It is a security baseline that all Xiaomi smart devices should follow.

The guideline of Xiaomi meets the need of the consumer IoT industry as there is no such general standard that can be publicly queried and implemented. Now companies can use this guide to avoid some basic security and privacy protection risks, and to quickly improve the security and privacy protection capabilities of their IoT products.

Xiaomi owns the world's leading consumer AIoT platform. As of November 2021, Xiaomi's AIoT platform has connected more than 400 million devices, excluding smartphones and laptops, and there are more than 8 million users with 5 or more Xiaomi IoT devices around the world. Xiaomi offers the most comprehensive security protection to its users and explores the best industry solutions and common standards for other stakeholders.

The guideline comes as the British Standards Institution (BSI) confirmed that Xiaomi Mesh System AX3000 has obtained the BSI IoT Kitemark™ Certificate, which has undoubtably proved the high degree of consistency between the Cyber Security Baseline for Consumer Internet of Things Device of Xiaomi and the international IoT security standards held by BSI.

"Users' security and privacy is the top priority of Xiaomi, and we promise that this applies to all markets where we operate. I'm delighted to see that Xiaomi Mesh System AX3000 has also successfully joined the BSI Kitemark™ certification. Over the years, we have made great efforts to protect users' security and privacy. I'm confident and proud to say that Xiaomi is in the leading position of IoT security policies and practices in the world, and we will continue to work hard to build a better IoT ecosystem for our users." said Cui Baoqiu, Xiaomi Vice President and Chairman of Xiaomi Security and Privacy Committee.

"Connected devices can bring huge benefits to society, but it is imperative that their function and security can be trusted throughout the required device life. By achieving the BSI Kitemark™ for IoT Devices for its product and having its systems regularly and independently tested and monitored, Xiaomi is demonstrating to consumers their commitment to safeguarding information. Congratulations to the team at Xiaomi for this achievement."

David Mudd, BSI Global Digital and Connected Product Certification Director

The BSI IoT Kitemark™ is a product and service quality certification owned and operated by BSI. It conducts technical testing and security audits for IoT systems, giving consumers reassurance and confidence of secure and trust-worthy IoT devices under the highest standards. Obtaining the BSI IoT Kitemark™ Certificate means that Xiaomi products are in compliance with multiple cybersecurity standards, including the ETSI/EN303645 standard issued by European Telecommunications Standards Institute (ETSI), as well as the Open Web Application Security Project® (OWASP) Top 10 security requirements.

It is the third time that Xiaomi received this international security accreditation, following Mi 360° Home Security Camera 2K and Xiaomi Home App, which achieved the BSI Kitemark™ Certificates in July 2021.

These are only a small part of the bigger picture of what Xiaomi has achieved on IoT security. In June 2021, Xiaomi published the Xiaomi IoT Privacy White Paper *[2], explaining the security and privacy policies and practices of Xiaomi's IoT products, gaining trust by increasing the transparency. In November of the same year, in The Contemporary Use of Vulnerability Disclosure in IoT (Report 4: November 2021) *[3] published by the Internet of Things Security Foundation (IoTSF), Xiaomi was listed as one of the 21 IoT device suppliers that met the extended threshold test, namely received the highest rating for security vulnerability disclosure policy, which demonstrates Xiaomi's leadership in IoT security.

In the future, Xiaomi will keep improving its IoT security framework, while strengthening its security management and technical testing capabilities to fulfill the responsibility of a global industry leader and let everyone in the world enjoy a better and smarter life through innovative and safe technology.

About Xiaomi Corporation
Xiaomi Corporation was founded in April 2010 and listed on the Main Board of the Hong Kong Stock Exchange on July 9, 2018 (1810.HK). Xiaomi is a consumer electronics and smart manufacturing company with smartphones and smart hardware connected by an IoT platform at its core.

Embracing our vision of "Make friends with users and be the coolest company in the users' hearts", Xiaomi continuously pursues innovations, high-quality user experience and operational efficiency. The company relentlessly builds amazing products with honest prices to let everyone in the world enjoy a better life through innovative technology.

Xiaomi is one of the world's leading smartphone companies. The company's market share in terms of smartphone shipments ranked no. 3 globally in the third quarter of 2021. The company has also established the world's leading consumer AIoT (AI+IoT) platform, more than 400 million smart devices connected to its platform as of September 30, 2021, excluding smartphones and laptops. Xiaomi products are present in more than 100 countries and regions around the world. In August 2021, the company made the Fortune Global 500 list for the third time, ranking 338th, up 84 places compared to 2020.

Xiaomi is a constituent of the Hang Seng Index, Hang Seng China Enterprises Index, Hang Seng TECH Index and Hang Seng China 50 Index.

Spotlight

More featured news

Spotlight

Related News

ENTERPRISE IOT, INFRASTRUCTURE

emnify and Skylo Partner for IoT Cellular and Satellite Connectivity

emnify | March 15, 2023

On March 14, 2023, emnify, a renowned cloud-native enabler of IoT cellular connectivity, announced its strategic partnership with Skylo, a Non-Terrestrial Network (NTN) service provider. This collaboration will avail emnify users with 3GPP Rel-17 NTN-compliant radio user equipment for satellite IoT and terrestrial cellular connections. The solution will be supported by Skylo's global technology and will be managed using emnify's unique web portal and APIs. This collaboration places emnify at the cutting edge of an emerging IoT connectivity revolution. To integrate satellite and terrestrial mobile communications systems into a unified 'network of networks,' the companies will deliver more resilient, accessible, and flexible connectivity solutions. Furthermore, drawing on the latest 3GPP standards launched in March 2022, it will be among the first to provide dependable NTN support for IoT device fleets. emnify's IoT SuperNetwork offers a seamless service experience to customers worldwide, providing them with a single intuitive and responsive user interface to configure, manage, and update their devices. This reliable terrestrial mobile network coverage is now supplemented by satellite IoT connectivity to ensure constant connectivity of devices, regardless of location. emnify's partnership with Skylo elevates its solutions, reinforcing its position as the ultimate provider of cost-effective, dependable, and flexible network connectivity. VP of Network Access at emnify, Alexander Schebler, shared, "Today, most enterprises are limited to using terrestrial mobile networks for wireless IoT solutions, unless they opt for costly and proprietary satellite network services from an additional service provider." He added, "With this collaboration, we're changing that forever and redefining the future of IoT connectivity. There's no need for hybrid or proprietary solutions and patchworks of IoT service subscriptions: by bringing emnify and Skylo together, we're providing cost-effective universal connectivity and enabling customers to realize the full value inherent in their device fleets via their existing emnify cloud infrastructure." (Source – Business Wire) About emnify emnify is a leading cloud building block for cellular communications in the IoT stack, providing secure and scalable connectivity for millions of IoT devices worldwide. Its cloud-native integrations and no-code workflows ensure easy scalability for deployments of all sizes. The company's IoT SuperNetwork is the largest globally distributed mobile cloud core network, supporting local network access in over 180 countries through partnerships with leading cloud providers, system integrators, and radio network operators. Founded in 2014 and based in Berlin, it is trusted by thousands of the world's most innovative companies.

INDUSTRIAL IOT

Nozomi Networks Delivers Industry’s First AI-powered Cybersecurity Analysis and Response Engine for Critical Infrastructure

Globenewswire | May 17, 2023

Nozomi Networks Inc., the leader in OT and IoT security, introduced Vantage IQ™, the industry’s first AI-based analysis and response engine designed to quickly address security gaps and resource limitations in mission critical operational infrastructure. Available as an add-on to Vantage, Nozomi Networks’ SaaS-based security management platform, Vantage IQ uses artificial intelligence (AI) and Machine Learning (ML) to help security teams do more with less, by automating the time-consuming tasks associated with reviewing, correlating and prioritizing network, asset and alert data. Teams using Vantage IQ gain fast, accurate and in-depth cybersecurity analysis that’s not possible with human analysis alone. This advanced human-machine collaboration strengthens cybersecurity and resilience for critical infrastructure organizations while helping security administrators gain workload efficiencies. Vantage IQ raises the bar on security analytics and automation, by giving users the ability to Immediately understand what's happening across a network of IT, OT and IoT devices Quickly and easily extract process intelligence and priority tasks from massively expanding networks and data sources Improve response times with deeper insights, correlation and actionable intelligence According to Gartner, “Increased complexity in security is challenging security practitioners to decide where to focus their efforts. The volume of threats and the disruption they cause will drive interest toward security solutions that help identify and prioritize the most-critical risks and exposures.” “Artificial intelligence has always been part of our DNA,” said Nozomi Networks Co-founder and CPO Andrea Carcano. “While ChatGPT has sparked the world’s imagination around the potential of AI, it’s really just one example of the emerging use case for advancing neural network technologies. In the case of critical infrastructure security, Vantage IQ is a game changer, leveraging artificial intelligence to fundamentally change the way security professionals understand and respond to operational risk. We believe it’s the way cybersecurity data will be queried, analyzed and acted on going forward.” Key features in Vantage IQ include AI-powered Insights. Users can access Vantage IQ’s Insights Dashboard where alerts are automatically correlated, prioritized and supported with root cause information for more efficient remediation and fewer security gaps. Deep neural networks in Vantage IQ identify activity patterns in network data. Data is correlated to streamline forensic analysis, tuning and security enhancements. AI-based Query and Analysis. Users can easily gain a deeper understanding of their environment using natural language queries that answer common questions about vulnerabilities, network assets and other environmental details. Advanced Predictive Monitoring. Users can strengthen operational resiliency and prevent system outages with early warnings that system behaviors are deviating from the norm. The Time Series feature in Vantage IQ augments Vantage’s ability to alert on changes in the network with an additional level of alerting on unusual changes in the bandwidth of activity going through the sensors monitoring those networks. In future Vantage IQ will also alert on process variables enabling even great levels of predictive monitoring and maintenance. Vantage IQ is an optional add-on to Nozomi Networks Vantage SaaS platform. It is available in the third quarter from Nozomi Network and its extensive global network of channel partners. About Nozomi Networks Nozomi Networks accelerates digital transformation by protecting the world’s critical infrastructure, industrial and government organizations from cyber threats. Our solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on us to minimize risk and complexity while maximizing operational resilience.

ENTERPRISE IOT, DEVICES

TDengine and Casne Engineering Partner to Drive Innovation in Industrial IoT

globenewswire | April 06, 2023

TDengine™, the popular open-source time-series data platform, and Casne Engineering, industrial engineering and technology services provider, announced today a strategic partnership aimed at advancing innovation in the Industrial Internet of Things (IIoT) market. Through this partnership, Casne Engineering will integrate TDengine's time-series database technology into its existing IIoT solutions, creating a comprehensive IIoT platform for industrial customers. The collaboration seeks to help customers improve operational efficiency, reduce downtime, and increase overall equipment effectiveness (OEE). “Joining forces with TDengine will help to expand the range of possibilities in delivering cutting-edge IIoT solutions to our customers,” said Nick Wiley, executive vice president of Casne Engineering. “We chose TDengine because of its flexibility and performance for ingesting time-series data in the cloud. There’s no question about the platform’s ability to scale with us.” Using the TDengine platform and TDengine PI Connector, Casne will be better able to marshal large quantities of sensor data into the cloud, centralize data from disparate on-premise systems and geographical locations, share select data elements with partners and vendors, and perform real-time analytics using modern cloud tech stacks. "Collaborating with Casne Engineering will allow TDengine to accelerate innovation in the IIoT space,” said Jeff Tao, CEO of TDengine. “Our partnership will enable customers to extract more value from their data, optimizing their operations for increased productivity and profitability." About TDengine TDengine™ is the popular, open-source data platform purpose-built for time-series data. With over 20,000 stars on GitHub and hundreds of new installations daily, TDengine is used in over 50 countries worldwide. The company is headquartered in Los Gatos, CA, and has raised $70M in venture capital. Learn more at tdengine.com.