Jiobit customer data has never been sold or traded, re-committing to continued data privacy
Many connected wearables, Smart Home, and IoT products employ relatively rudimentary security and data protection for their customers, leaving your family’s data at risk to be compromised.
That’s because in the mad dash to launch a new product, security tends to get deprioritized by engineering teams. This is all well and good, until it isn’t. Eventually, there will be a security incident and an unprepared company will be forced to take a quick and reactive approach to address it. An example is the internet toymaker, Cloud Pets, which was easily hacked, and all data on children, including their voices and photos, was ransomed. Over 820,000 user accounts were exposed. Their stock plummeted 99%.
Data breaches are happening more and more frequently and security is a particularly serious problem in the IoT space since lax security can allow hackers to penetrate and manipulate physical devices. In reaction to this frightening trend, California recently became the first state to pass a bill on IoT security for consumers. According to Digital Times, “the bill introduces regulations for all connected devices sold in the US.”
As a company delivering peace of mind to our users, Jiobit has made keeping customer data private a top priority, and are already compliant with California’s new legislation regarding the issue.
When it comes to protecting sensitive data about your family, our company cannot just check the box. We have to go the extra mile (or two). That’s because Jiobit collects location data of those wearing the device, which is often kids. Information about your children is some of the most private data you can generate.
We began investing heavily in cybersecurity technologies early in our company’s history and continue to do so today. To help build additional transparency with our customers, and future customers, we believe that sharing more specifics for how we keep that data secure is warranted.
So, here’s how we’re doing it.
- Jiobit TrustChip: Jiobit contains a dedicated security chip similar to those used in “chip” credit cards. This is used to store encryption keys that identify your Jiobit to our servers to protect your sensitive data.
- COPPA compliant: Jiobit complies with The Children's Online Privacy Protection Rule, protecting the personal information of children under 13.
- Compliant to California Senate Bill 327: The California bill for “Information privacy: connected devices” took effect on January 1, 2020. It requires all Internet of Things (IoT) devices sold in the state to be equipped with “reasonable security.”
- Secure Software to Prevent Malware or Data Theft: The Jiobit device refuses to download or run software that is not signed by Jiobit. This process also leverages the Jiobit TrustChip to authenticate the software. A similar process is followed for our smartphone apps as well.
- Data Encryption: Jiobit location data is transmitted by the Jiobit and encrypted using AES-128 and AES-256 encryption. When your data is stored on our servers, it is also encrypted as well, which can only be decrypted by your personal authentication or by a small number of authorized customer support employees for escalations should you need help.
- Intrusion Resistant Hardware: Jiobit circuit boards employ proprietary tamper-resistant features to deter the most sophisticated hardware hackers so that rogue software cannot be placed on the device.
- Penetration (“pen”) testing: Jiobit’s software and data are subject to trial by fire and have been verified secure by professional penetration testers who validate the integrity of your system by attempting to break in to find weaknesses.
- Smartphone data protection: Smartphone apps should never store the user's password on the phone. It should store a user-specific token, which is encrypted and secured by a smartphone Keystore system. That token is periodically renewed to make it more secure. Additionally, we ensure our apps will not run on rooted/jailbroken phones in order to maintain a secure environment.
- User authentication: Jiobit uses trusted 3rd party identity platforms for user authentication, which will store a secure token that is periodically renewed by the cloud and does not retain any user/name passwords.
As IoT solutions continue to flood the market, more sensitive consumer data will be at stake. This means that security in IoT is more critical than ever. We set out to build Jiobit with security top of mind. We’d love to hear if you think we can do more by tweeting us: @Jiobit
More About Jiobit TrustChip Technology.
Jiobit contains a dedicated security chip similar to those used in “chip” credit cards. This is used to store encryption keys that identify Jiobit to our servers to protect your data. A device without this chip isn’t a Jiobit and will not communicate to our secure servers. This is similar to what the US Military uses to authenticate service members on their computing systems.
Upon powering up Jiobit for the first time, the Jiobit TrustChip randomly generates a secret identity just for you so that it can encrypt all data traffic.
By contrast, many connected devices use simple passwords or keys that are common to all devices. Even worse, many times those encryption keys are stored in an unencrypted file (similar to putting your password in a text file). If Jiobit were designed this way, discovering this single key could result in compromising all devices and potentially revealing all locations to anyone who has this key.
More about cryptographically signed software.
The Jiobit device refuses to download software that is not signed by Jiobit. This process also leverages the Jiobit TrustChip to authenticate the software. A similar process is followed for our smartphone apps as well.
Unlike Linux-based smart devices (most IoT products), Jiobit runs a custom proprietary real-time operating system, meaning there is no known published or public documentation on installing software into the OS.
Jiobit internal controls ensure no single employee possesses the information to perform the signing of that software.
The security codes required for Jiobit to sign that software remain in separated locked, physical vaults.
More about Jiobit location data that is encrypted using AES-128 and AES-256 encryption.
Location data is never sent “in the clear”. Jiobit encrypts all data passed to and from our cloud infrastructure and uses TLS 1.2 with encryption, similar to HTTPS on your web browser, to establish connections. Any data communication is always fully encrypted from our smartphone apps or the Jiobit device.
When your data is stored on our servers, it is also encrypted as well, which can only be decrypted by your personal authentication or by a small number of authorized customer support employees for escalations should you need help.
More about Jiobit hardware intrusion resistance.
Unlike your phone, your PC, smart home devices, security cameras, or routers, if you were to physically open up the Jiobit device, it cannot be programmed. Jiobit burns away part of the circuit board used for physical software programming. This precludes anyone else from putting software or attempting to modify the software on the device.
Jiobit circuit boards employ proprietary tamper-resistant features to further deter the most sophisticated hardware hackers. Jiobit does not expose any data ports that can be used for external data communications or software programming.