Xiaomi has launched its Cyber Security Baseline for Consumer Internet of Things Device Version 2.0 standards which set out security rules that all of its IoT devices should follow. While Xiaomi will be trying to stick to these guidelines itself, it said they’re also designed for other companies to use to help ensure customers get improved security and privacy protections.
The new guidelines set various requirements for device hardware, software, and the communication methods devices use. Specifically, it includes requirements for data security and privacy, communication security, authentication and access control, secure boot, data deletion, and more. The full document is available to download from the Mi Security GitHub repository.
Given the Chinese state’s track record on privacy, people will no doubt be sceptical that Xiaomi can offer up much in the way of security and privacy guidelines. In an attempt to show it can be trusted, Xiaomi mentioned that its AX3000 mesh system has become the third IoT product that it has created which has been given the British Standard Institution’s IoT Kitemark Certificate which is awarded to IoT devices that are ‘safe, secure, and functional.’
Commenting on the award given to the AX3000, David Mudd, BSI Global Digital and Connected Product Certification Director, said:
“Connected devices can bring huge benefits to society, but it is imperative that their function and security can be trusted throughout the required device life. By achieving the BSI Kitemark™ for IoT Devices for its product and having its systems regularly and independently tested and monitored, Xiaomi is demonstrating to consumers their commitment to safeguarding information. Congratulations to the team at Xiaomi for this achievement.”
IoT security is growing to be a concern for businesses as well as governments. The UK government has recently started the ball rolling on a new law that tightens up the security of IoT devices to help protect consumers, for example.