AITO M7
From Wiki-IoT
Classification
| AITO M7 | |
|---|---|
| Classification | |
| Grade | A |
| Calculator version | 1 |
| Classification date | 2025-10-05 |
| Information | |
| Name | AITO M7 |
| Brand by Parent | AITO by Seres Group |
| Generation | New Model (2024) |
| Model(s) | Plus, Max, Ultra |
| Release date | 2023-09-12 |
| Type/Category | Car |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 5020 x 1945 x 1760 mm |
| Mass | 2340 kg |
| Operating system | HarmonyOS Cockpit |
| Companion App | AITO App (for iOS and Android) |
| CPU | |
| GPU | |
| Memory | |
| Storage | |
| Battery | |
| Power | |
| Charging | |
| Display | |
| Camera | |
| Sound | |
| Connectivity | |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | None | [2] | A complex, integrated vehicle system. Physical tampering would require specialized tools and knowledge, and would be immediately evident. No reports of supply chain tampering. |
| Known vulnerabilities | Rare | [3] | The vehicle's software is a closed ecosystem. Huawei has a mature PSIRT process to manage vulnerabilities, which are addressed via mandatory OTA updates. |
| Prior attacks | None | [4] | No publicly documented, widespread security breaches that have successfully compromised AITO vehicles remotely |
| Updatability | Very common | [5] | Vehicle receives frequent Over-the-Air (OTA) updates for both the HarmonyOS Cockpit (infotainment) and critical driving systems like ADS (Advanced Driving System |
| Category score | 2 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Full | [6] | The vehicle maintains a persistent, secure connection to the AITO/Huawei cloud for remote control, diagnostics, and data synchronization |
| Communications | Encrypted with up-to-date encryption | [7] | All Vehicle-to-Cloud (V2C) communications are encrypted end-to-end to protect against eavesdropping and man-in-the-middle attacks |
| Storage | Encrypted with up-to-date encryption | [8] | Sensitive user data and vehicle information are encrypted both on the vehicle's internal storage and on the cloud servers |
| Category score | 1 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [9] | Requires an AITO/Huawei account for full functionality. The vehicle supports multiple driver profiles with personalized settings |
| Authentication | Secure | [10] | Supports multiple authentication methods: Phone as a Key (Bluetooth/NFC), physical NFC card, facial recognition for driver profiles, and a PIN for sensitive settings. |
| Brute-force protection | Exist | [11] | The in-vehicle system locks out after multiple incorrect PIN attempts. The cloud account has standard server-side brute-force protection. |
| Event logging | Access event logged | [12] | The vehicle logs access events, driving data, and system diagnostics (similar to an event data recorder or "black box"). Cloud access is also logged. |
| Passwords | Require change after setup with complexity requirements | [13] | The AITO/Huawei account requires a password meeting complexity rules. The in-vehicle system requires a separate PIN to be set up |
| Category score | 1 | ||
| Grade | A |
|---|
