What functionality, if any, will the device have after support ends and at end-of-life?
Customer will be able to continue use of a device at its end-of-life, but it is possible that customer cannot control the device through the APP any longer.
How can customers report suspected problems with cybersecurity implications, such as software vulnerabilities, to the manufacturer? Will reports be accepted after support ends? Will reports be accepted after end-of-life?
Customers can report problems on Jimi website (https://www.Jimilab.com/security/), or communicate with sales managers. All reports will be accepted even after support ends or end-of-life.
How can customers maintain security even after official support for the device has ended? Will essential files or data be made available in a public forum to allow others, even the customers themselves, to continue to support the IoT device?
Manufacturers will inform users of the information through APP before discontinuing support.
What information do customers need on general cybersecurity-related aspects of the device, including device installation, configuration (including hardening), usage, management, maintenance, and disposal?

The user can use it normally after connecting the device to the network according to the operation manual, other operations are not required. All of the user's actions are considered by the vendor and are taken into account at the beginning of the system's design.

What is the potential effect on the device if the cybersecurity configuration is made more restrictive than the secure default?

There is no need to change the network security-related configuration in use.

What inventory-related information do customers need for the device’s internal software and firmware, such as versions, patch status, and known vulnerabilities? Do customers need to be able to access the current inventory on demand?

Users can check known security risks through Jimi IoT security site https://www.Jimilab.com/security/

Users can view other device relate information through APP.
What information do customers need about the sources of the device’s software, firmware, hardware, and services?

The user does not need to pay attention to the software and hardware used by the specific device, cloud service platform and other information during use.

What information do customers need on the device’s operational characteristics so they can adequately secure the device? How should this information be made available?
There isn’t multiple firmware for this product. The user does not need to pay attention to the software and hardware used by the specific device, cloud service platform and other information during use.
What functions can the device perform?
Jimi IoT supplies a full range of GNSS tracking devices, including hardwired GPS tracker/wireless GPS tracker, 2G/3G/4G GPS tracker, basic/versatile tracker. By leveraging GPS tracking devices, you can protect and fully utilize your trailer, truck, tractor, construction fleet, and equipment, etc.Car DVRs are the ideal companions for daily driving and long-distance travel, as they can record what is happening on the road and every detail inside the car. Dash Cam features live tracking and video capture, G-sensor, emergency calls, and more, making it the perfect choice to deter crime, record bad motorists, and more quickly resolve disputes resulting from traffic accidents.
What data types can the device collect? What are the identities of all parties (including the manufacturer) that can access that data?

Description

Name of the collected data

Detail content of the data

DUT or companion Midea APP or Tracksolid APP or cloud or third party that collected,stored and accessed the data

collector

storer

accessor

Data 1

Email address

Nickname

Profile photo

Account login password

To verified user’s identity

APP

Cloud & APP

Cloud & APP

Data 2

Schedule

To start device regularly

APP

Cloud &APP

Cloud &APP

Data 3

IP address

To help track and fix any fault; or error in the application

APP

Cloud & APP

Cloud & APP

Data 4

 Wi-Fi SSID

Wi-Fi password

For network communication

Device

Device

Device

Data 5

Wi-Fi firmware version

For firmware update

APP

Cloud & APP

Cloud & APP

What are the identities of all parties (including the manufacturer) who have access to or any degree of control over the device?

Users and device manufacturers have access to or any degree of control over the device.

Will updates be made available? If so, when will they be released?

The Redstone upgrade application is built into the device. When the device is powered on, the upgrade program will run automatically after the device is restarted, and actively initiate a request to access the Redstone server to detect whether there is an upgrade task.

• If there is an upgrade task, it will download the firmware upgrade package.

• After the firmware upgrade package is downloaded, the program will first check the integrity of the upgrade package. If the firmware version integrity check is successful, it will notify the system to perform the upgrade.

• When the system receives the notification of the upgrade action, it will verify the system signature of the upgrade package. After the system signature verification is successful, it will execute the upgrade action.

Under what circumstances will updates be issued?

The Jimi product team will release new firmware on Jimi cloud platform when vulnerabilities are found, or functions can be optimized.

How will updates be made available or delivered? Will there be notifications when updates are available or applied?

The Redstone upgrade application is built into the device. When the device is powered on, the upgrade program will run automatically after the device is restarted, and actively initiate a request to access the Redstone server to detect whether there is an upgrade task.

• If there is an upgrade task, it will download the firmware upgrade package.

• After the firmware upgrade package is downloaded, the program will first check the integrity of the upgrade package. If the firmware version integrity check is successful, it will notify the system to perform the upgrade.

• When the system receives the notification of the upgrade action, it will verify the system signature of the upgrade package. After the system signature verification is successful, it will execute the upgrade action.

Which entity (e.g., customer, manufacturer, third party) is responsible for performing updates? Or can the customer designate which entity will be responsible?

Manufacturer is responsible for performing updates. The customer can't designate which entity will be responsible for performing updates, the update will be automatically applied by the manufacturer. 

How can customers verify and authenticate updates?

Customer does not need to verify firmware as this is performed by device.

What information should be communicated with each individual update?

Users can get software update information through APP.

E.g., Product function iteration, Performance efficiency update, bug repair, etc
Will customers want to transfer ownership of their devices to another party?
If so, what do customers need to do so their user and configuration data on the device and associated systems (e.g. cloud-based services used by the device) are not accessible by the party who assumes ownership?

The user can restore the device to the factory settings according to the device operation manual. And then, the user data will be cleared, and third-party users can use the device.

Will customers want to render their devices inoperable? If so, how can customers do that?

After the user terminates the binding of the device through the APP, the device will no longer be controlled remotely (unless re-binding). The user can restore the device to factory settings by deleting the account and device in the APP or services backend.

Which non-technical means can be provided by the manufacturer or other organizations and services acting on behalf of the manufacturer?

When remotely controlling the device, consumer need to connect to the cloud service platform provided by the manufacturer through a wireless network.

1、Jimi provides IoT Security Emergency Response Centre for receiving and handling security issues.

2、The manufacturer provides firmware update support during the device support period.

3、Provide Jimi online service if user meet any problem during the device support period.