Xiaomi has published a new set of proposed global standards aimed at bolstering security of its consumer IoT products.
"Users' security and privacy is the top priority of Xiaomi, and we promise that this applies to all markets where we operate,” said Cui Baoqiu, Xiaomi vice president and chairman of Xiaomi Security and Privacy Committee.
He added: “Over the years, we have made great efforts to protect users' security and privacy. I'm confident and proud to say that Xiaomi is in the leading position of IoT security policies and practices in the world, and we will continue to work hard to build a better IoT ecosystem for our users."
According to Xiaomi, its proposed security guideline meets the need of the consumer IoT industry as there is no such general standard that can be publicly queried and implemented.
Now companies can use this guide to avoid some basic security and privacy protection risks, and to quickly improve the security and privacy protection capabilities of their IoT products
Entitled "Cyber Security Baseline for Consumer Internet of Things Device Version 2.0", the guideline aims to protect security and user privacy with a comprehensive set of requirements that span across device hardware, device software to device communication.
The document also states the requirements on data security and privacy, which include communication security, authentication and access control, secure boot and data deletion among others.
It is a security baseline that all Xiaomi smart devices should follow.
Xiaomi owns the world's leading consumer AIoT platform. As of November 2021, Xiaomi's AIoT platform has connected more than 400 million devices, excluding smartphones and laptops, and there are more than 8 million users with 5 or more Xiaomi IoT devices around the world.
Achieving BSI Kitemark for IoT devices
The guideline comes as the British Standards Institution (BSI) confirmed that Xiaomi Mesh System AX3000 has obtained the BSI IoT Kitemark Certificate, which has proved the high degree of consistency between the Cyber Security Baseline for Consumer Internet of Things Device of Xiaomi and the international IoT security standards held by BSI.
David Mudd, BSI global digital and connected product certification director, said: "Connected devices can bring huge benefits to society, but it is imperative that their function and security can be trusted throughout the required device life. By achieving the BSI Kitemark for IoT Devices for its product and having its systems regularly and independently tested and monitored, Xiaomi is demonstrating to consumers their commitment to safeguarding information."
The BSI IoT Kitemark is a product and service quality certification owned and operated by BSI. It conducts technical testing and security audits for IoT systems, giving consumers reassurance and confidence of secure and trust-worthy IoT devices under the highest standards. Obtaining the BSI IoT Kitemark Certificate means that Xiaomi products are in compliance with multiple cybersecurity standards, including the ETSI/EN303645 standard issued by European Telecommunications Standards Institute (ETSI), as well as the Open Web Application Security Project® (OWASP) Top 10 security requirements.
It is the third time that Xiaomi received this international security accreditation, following Mi 360° Home Security Camera 2K and Xiaomi Home App, which achieved the BSI Kitemark™ Certificates in July 2021.
Commitment to IoT security
In the past few months, Xiaomi has been focused on putting more teeth into the security of its IoT products.
In June 2021, Xiaomi published the Xiaomi IoT Privacy White Paper , explaining the security and privacy policies and practices of Xiaomi's IoT products, gaining trust by increasing the transparency.
In November of the same year, in The Contemporary Use of Vulnerability Disclosure in IoT (Report 4: November 2021) published by the Internet of Things Security Foundation (IoTSF), Xiaomi was listed as one of the 21 IoT device suppliers that met the extended threshold test, namely received the highest rating for security vulnerability disclosure policy, which shows Xiaomi's leadership in IoT security.
In the future, Xiaomi will keep improving its IoT security framework, while strengthening its security management and technical testing capabilities to fulfil the responsibility of a global industry leader and let everyone in the world enjoy a better and smarter life through innovative and safe technology.