Has an established IoT platform been used instead of acquiring and integrating individual hardware and software components?

The equipment development is based on Android go, and the cloud service is built on the Ali cloud platform. Using these existing mature hardware or software components will help reduce security threats.

Are any of the device cybersecurity capabilities hardware-based?

The device uses a hardware true random number generator (TRNG) to generate a true random number as the ROOT_KEY, and then save the ROOT_KEY in efuse.

Does the hardware, firmware, or software (including the operating system) include unneeded device capabilities with cybersecurity implications? If so, can they be disabled to prevent misuse and exploitation?

The source code is compiled and burned to the device; source code is not involved during the use of the device. The debug interface has been closed, and unauthorized users cannot access it.

JIMI developers use Git to control source code of the device, and it implement session control, access control, all these functions can protect device code from unauthorized access and tampering.

How is IoT device code protected from unauthorized access and tampering?

The source code is compiled and burned to the device; source code is not involved during the use of the device. The debug interface has been closed, and the unauthorized users cannot access it.

Jimi developers use Git to control source code of the device, and it implement session control, access control, all these functions can protect device code from unauthorized access and tampering.
How can customers verify software integrity for the IoT device?
The user does not need to verify the integrity of the device software, and the integrity is guaranteed by the device itself.
What verification is done to confirm that the security of third-party software used within the IoT device meets the customers’ needs?
Manually source code reviewing to ensure the safety of third-party components.
What measures are taken to minimize the vulnerabilities in released IoT device software?

1. Turn off unnecessary network and logical interfaces.

2. Prohibit network interfaces from leaking security-related information.

3. Disable network/ADB debug interfaces.
What measures are taken to accept reports of possible IoT device software vulnerabilities and respond to them?

We can receive possible vulnerability reports through Jimi IoT Security Centre (https://www.Jimilab.com/security/) and provide relevant information to the reporter.

What processes are in place to assess and prioritize the remediation of all vulnerabilities in IoT device software?
JimiIoT security team will evaluate the severity of all collected vulnerabilities, and determine the processing priority level based on the risk assessment results of the vulnerabilities in the product, and response to and repair the vulnerabilities in a timely manner according to the priority level to prevent the vulnerability from being maliciously exploited and affecting users.
What terminology will the customer understand?

For example, a home user will likely have less technical knowledge than points of contact at a large business

Customers don't need to understand special terminology, they can directly contact after-sales staff when they encounter problems.
How much information will the customer need?

Customer can use the device normally according to manual, and that's enough for customer. Manufacturer can also notify the user through the APP in some cases,such as firmware update notification. Customers just need general knowledge to understand all information.

How/where will the information be provided?

Customer can acquire information through APP\user manuals.

How can the integrity of the information be verified?

Customer purchase equipment through legal ways or download APP from the official website, the information will be secure.

Will customers have to communicate with you as the manufacturer?

Any problems can be submitted to this site:https://www.Jimilab.com/security/

Who were the expected customers?
The device is not aimed at a specific type of user or a specific industry, the product is for normal consumers.
How was the device intended to be used?

The devices are used to protect our assets and monitor the driving conditions. Let’s see these two examples:

JC400 is the ideal companion for daily driving and long-distance travel. As a dual channel dash cam, it has a front camera to record what is happening on the road, and a detached cabin-facing camera that records every detail inside the car. As an integrated product, the JC400 Dual Channel Dash Cam features live tracking and video capture, G-sensor, emergency calls, and more, making it the perfect choice to deter crime, record bad motorists, and more quickly resolve disputes resulting from traffic accidents.

JM-LL01 is an LTE asset tracker with ultra-long standby time. Depending on reporting frequency, its low consumption internal battery can provide up to 3 years of working time on a single charge. The JM-LL01's strong magnetic base allows for effortless installation onto any metal surface, and a light sensor will be triggered and an alert sent once detachment occurs, helping users to feel totally assured that their assets are under constant protection.

What types of environments would the device be used in?
The device is mainly use inside the car.
How would responsibilities be shared among the manufacturer, the customer, and others?
Responsibilities should be shared among the manufacturer, the customer, and others according to terms of service. The manufacturer is responsible for the quality of device and the continuity and effectiveness of platform services. The customers should use the device and platform correctly.
How long do you intend to support the device?
You can choose our products with no worries, as we provide a 13-month warranty for all tracking and DVR devices. If you choose to bind your devices with our platform Tracksolid/Tracksolid Pro, the warranty period extends to 24 months. Users can choose to upgrade their app if a newer version is available and get firmware upgrade services for free. Our app upgrades at least once every 2 weeks and the firmware for our products on sale upgrade at least once every 3 months. You can choose to subscribe to access all functions of our platform (app/web) and get better services.
When do you intend for device end-of-life to occur? What will the end-of-life process be?
Usually the devices can work for 3 years. It also depends on the working environment. If the device is unavailable, you can contact Jimi for help. Our engineers will diagnose and repair it. They will tell you the product life cycle situation. When the old model is out of service, Jimi will inform users of the information through APP before discontinuing support.