AITO M9
From Wiki-IoT
Classification
| AITO M9 | |
|---|---|
| Classification | |
| Grade | A |
| Calculator version | 1 |
| Classification date | 2025-10-05 |
| Information | |
| Name | AITO M9 |
| Brand by Parent | AITO by Seres Group |
| Generation | 1 |
| Model(s) | Max, Ultra (EREV and EV versions) |
| Release date | 2023-12-26 |
| Type/Category | Car |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 5230 x 1999 x 1800 mm |
| Mass | ~2560 - 2725 kg |
| Operating system | HarmonyOS Cockpit |
| Companion App | AITO App (for iOS and Android) |
| CPU | |
| GPU | |
| Memory | |
| Storage | |
| Battery | |
| Power | |
| Charging | |
| Display | |
| Camera | |
| Sound | |
| Connectivity | |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | None | [2] | Extremely complex and integrated vehicle system. Physical tampering would require authorized tools and diagnostics. No reports of supply chain tampering. |
| Known vulnerabilities | Rare | [3] | Runs a closed HarmonyOS ecosystem. Huawei's dedicated Product Security Incident Response Team (PSIRT) manages vulnerabilities, which are patched via mandatory OTA updates. |
| Prior attacks | None | [4] | No publicly documented, widespread security breaches have been successful against the AITO vehicle platform. |
| Updatability | Very common | [5] | Receives frequent and comprehensive Over-the-Air (OTA) updates for the intelligent cockpit, advanced driving system (ADS), and vehicle control units |
| Category score | 2 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Full | [6] | Maintains a persistent, secure, and encrypted connection to the AITO/Huawei cloud for remote control, vehicle status, and data services. |
| Communications | Encrypted with up-to-date encryption | [7] | All Vehicle-to-Cloud (V2C) and Vehicle-to-App (V2A) data transmissions are protected by end-to-end encryption. |
| Storage | Encrypted with up-to-date encryption | [8] | All sensitive user data, including biometric information and driving logs, is encrypted at rest both on the vehicle's internal storage and in the cloud. |
| Category score | 1 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [9] | Requires an AITO/Huawei ID for full functionality. Supports multiple driver profiles with granular permissions and personalized settings. |
| Authentication | Secure | [10] | Multi-modal authentication: Phone as a Key (PaaK via Bluetooth/UWB), NFC card, 3D facial recognition for driver profile login, and an in-vehicle PIN for sensitive operations. |
| Brute-force protection | Exist | [11]] | In-vehicle systems lock out after multiple incorrect PIN/authentication attempts. The cloud account has standard server-side brute-force protection. |
| Event logging | Access event logged | [12]] | The vehicle maintains comprehensive logs for access, driving data, and system diagnostics. Cloud account access is also logged for security audits. |
| Passwords | Require change after setup with complexity requirements | [13] | The required AITO/Huawei account enforces password complexity. The in-vehicle PIN must be set up by the user after vehicle delivery. |
| Category score | 1 | ||
| Grade | A |
|---|
