Xiaomi, a consumer electronics and smart manufacturing company that established the world’s leading consumer AIoT (AI+IoT) platform, has published a new set of proposed global standards to support and reassure consumers about the security of their data while using IoT products.
The guideline, entitled “Cyber Security Baseline for Consumer Internet of Things Device Version 2.0” *[1], aims to protect security and user privacy with a comprehensive set of requirements covering device hardware, device software and device communication. It also states the requirements on data security and privacy, which include communication security, authentication and access control, secure boot, data deletion, etc. It is a security baseline that all Xiaomi smart devices should follow.
Xiaomi's guideline meets a need of the consumer IoT industry, as there is no such general standard that can be publicly queried and implemented. Companies can now use this guide to avoid some basic security and privacy protection risks, and to quickly improve the security and privacy protection capabilities of their IoT products.
Xiaomi owns the world’s leading consumer AIoT platform. As of November 2021, Xiaomi’s AIoT platform has connected more than 400 million devices, excluding smartphones and laptops, and there are more than 8 million users with 5 or more Xiaomi IoT devices around the world. Xiaomi offers the most comprehensive security protection to its users and explores the best industry solutions and common standards for other stakeholders.
The guideline comes as the British Standards Institution (BSI) confirmed that Xiaomi Mesh System AX3000 has obtained the BSI IoT Kitemark™ Certificate, which has undoubtedly proved the high degree of consistency between Xiaomi's Cyber Security Baseline for Consumer Internet of Things Device and the international IoT security standards held by BSI.
“Users’ security and privacy is the top priority of Xiaomi, and we promise that this applies to all markets where we operate. I’m delighted to see that Xiaomi Mesh System AX3000 has also successfully joined the BSI Kitemark™ certification. Over the years, we have made great efforts to protect users’ security and privacy. I’m confident and proud to say that Xiaomi is in the leading position of IoT security policies and practices in the world, and we will continue to work hard to build a better IoT ecosystem for our users,” said Cui Baoqiu, Xiaomi Vice President and Chairman of Xiaomi Security and Privacy Committee.
David Mudd, BSI Global Digital and Connected Product Certification Director, said, “Connected devices can bring huge benefits to society, but it is imperative that their function and security can be trusted throughout the required device life. By achieving the BSI Kitemark™ for IoT Devices for its product and having its systems regularly and independently tested and monitored, Xiaomi is demonstrating to consumers their commitment to safeguarding information. Congratulations to the team at Xiaomi for this achievement.”
The BSI IoT Kitemark™ is a product and service quality certification owned and operated by BSI. It involves technical testing and security audits of IoT systems, giving consumers reassurance that IoT devices are secure and trustworthy under the highest standards. Obtaining the BSI IoT Kitemark™ Certificate means that Xiaomi products are in compliance with multiple cybersecurity standards, including the ETSI EN 303 645 standard issued by the European Telecommunications Standards Institute (ETSI), as well as the Open Web Application Security Project® (OWASP) Top 10 security requirements.
This is the third time that Xiaomi has received this international security accreditation, following Mi 360° Home Security Camera 2K and Xiaomi Home App, which achieved the BSI Kitemark™ Certificates in July 2021.
These are only a small part of the bigger picture of what Xiaomi has achieved on IoT security. In June 2021, Xiaomi published the Xiaomi IoT Privacy White Paper *[2], explaining the security and privacy policies and practices of Xiaomi’s IoT products and gaining trust by increasing transparency. In November of the same year, in The Contemporary Use of Vulnerability Disclosure in IoT (Report 4: November 2021) *[3], published by the Internet of Things Security Foundation (IoTSF), Xiaomi was listed as one of the 21 IoT device suppliers that met the extended threshold test, that is, received the highest rating for security vulnerability disclosure policy, which demonstrates Xiaomi’s leadership in IoT security.
In the future, Xiaomi will keep improving its IoT security framework, while strengthening its security management and technical testing capabilities to fulfill the responsibility of a global industry leader and let everyone in the world enjoy a better and smarter life through innovative and safe technology.