AITO M5
From Wiki-IoT
Classification
| AITO M5 | |
|---|---|
| Classification | |
| Grade | A |
| Calculator version | 1 |
| Classification date | 2025-10-05 |
| Information | |
| Name | AITO M5 |
| Brand by Parent | AITO by Seres Group |
| Generation | New Model (2024) |
| Model(s) | Max, RS |
| Release date | 2024-04-23 |
| Type/Category | Car |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 4785 x 1930 x 1620 mm |
| Mass | ~2200 - 2350 kg |
| Operating system | HarmonyOS Cockpit |
| Companion App | AITO App (for iOS and Android) |
| CPU | |
| GPU | |
| Memory | |
| Storage | |
| Battery | |
| Power | |
| Charging | |
| Display | |
| Camera | |
| Sound | |
| Connectivity | |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | None | [2] | Integrated vehicle system where physical tampering is difficult and detectable. No public reports of malicious supply chain tampering. |
| Known vulnerabilities | Rare | [3] | The HarmonyOS-based system is a closed ecosystem. Huawei's PSIRT team manages vulnerabilities, which are patched via mandatory OTA updates |
| Prior attacks | None | [4] | No publicly documented, widespread security breaches have been successful against the AITO vehicle platform. |
| Updatability | Very common | [5] | Receives frequent Over-the-Air (OTA) updates for the infotainment system, advanced driving system (ADS), and other vehicle functions. |
| Category score | 2 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Full | [6] | Maintains a secure, persistent connection to the AITO/Huawei cloud for remote control, diagnostics, and data services. |
| Communications | Encrypted with up-to-date encryption | [7] | All data communication between the vehicle, the cloud, and the companion app is protected by end-to-end encryption. |
| Storage | Encrypted with up-to-date encryption | [8] | Sensitive user and vehicle data is encrypted at rest, both on the vehicle's internal storage and in the cloud. |
| Category score | 1 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [9] | A mandatory AITO/Huawei account is used for all smart features. The system supports multiple driver profiles with personalized settings. |
| Authentication | Secure | [10] | Supports multiple authentication methods: Phone as a Key (PaaK), NFC card, facial recognition for driver login, and a PIN for sensitive settings. |
| Brute-force protection | Exist | [11] | In-vehicle systems lock out after multiple failed PIN entries. The cloud account has standard server-side brute-force protection. |
| Event logging | Access event logged | [12] | The vehicle logs access and operational data. The cloud service logs all account access events for security auditing. |
| Passwords | Require change after setup with complexity requirements | [13] | The required AITO/Huawei account enforces password complexity. An in-vehicle PIN must be set by the user. |
| Category score | 1 | ||
| Grade | A |
|---|
