Information Security Announcement

Sunmore Smart Technology Co., Ltd. Information Security Announcement

1. Information Security Policy Description
This policy aims to establish a complete process for effectively managing the operations from the discovery of product vulnerabilities to the final remediation, ensuring the security of our products, systems, operations, and data. In the current environment, with the rapid development of technology, the risk of security vulnerabilities is increasing, which necessitates a clear and efficient response mechanism.

This policy applies to the company's products or systems, covering all stages including design, manufacturing, and sales, ensuring timely detection and handling of any security vulnerabilities throughout the entire product lifecycle. Vulnerabilities are defined as defects or shortcomings that occur during the product process, which may cause harm to consumers or users and affect the product's performance, quality, or safety standards.


To ensure effective vulnerability management, product managers, R&D, and quality assurance departments must immediately initiate remediation, validation, and monitoring activities upon receiving vulnerability notifications. Additionally, the procurement department must require suppliers to provide declarations before purchasing, in order to reduce potential security risks.

We encourage both internal and external personnel and users to responsibly report any security vulnerabilities. By downloading and completing the dedicated vulnerability reporting form, reporters can submit detailed information about the vulnerabilities via email. During this process, reporters must comply with legal regulations and refrain from disclosing specific details until the vulnerabilities are resolved, to avoid further security threats.

Once a vulnerability report is received, the relevant departments will assess and verify it, including identifying the type of vulnerability, its impact, and validating its authenticity. Subsequently, based on risk prioritization, remediation or corrective actions will be undertaken. After remediation, validation testing must be conducted to ensure the fix is successful and does not introduce new issues.

Once the remediation is completed, internal notifications and necessary external announcements will ensure that all relevant parties are informed. Additionally, ongoing monitoring and improvement efforts will continue to summarize experiences and prevent similar issues from occurring again.

Through this series of processes, we are committed to protecting the security of our products and users, ensuring the company's long-term stable operation.

2. About the Mechanisms of Security

To Protect the Device

• Secure Firmware Updates
When updating the device software (firmware), the system automatically checks whether the update file is genuine and from a trusted source. Only verified files can be installed, preventing hackers from injecting malicious code.
• Secure Boot at Startup
Every time the device powers on, it checks whether the core system software has been altered. This ensures the device only runs authorized firmware.
• UART Port Disabled in User Mode
A special port used by engineers for testing is automatically disabled before shipping. This prevents unauthorized access through physical connections.
• Tamper-Resistant Hardware Design
The device is physically designed to be hard to open or disassemble, making it difficult for attackers to access internal components.

To Protect User Data
• Strong Password Requirements
Passwords must be 8 to 32 characters long, contain both uppercase and lowercase letters, and include at least one special symbol. This makes them harder to guess or break.
• Secure Password Storage
Your password is never stored in plain text. Instead, it’s converted into a secure hash and saved inside a secure hardware chip, which cannot be directly accessed.
• Encrypted Data Transmission
All data is protected through HTTPS encrypted communication using HTTP/1.1 over TLS 1.3. This protects against eavesdropping or tampering during transmission.

To Protect the Firmware Code
• Secure Code Management
All firmware code is stored in GitLab, a secure platform used in the industry. It keeps a full record of all changes and is protected by firewalls and antivirus tools.
• Periodic Security Scans
The firmware and source code are regularly scanned using vulnerability assessment tools. Any weaknesses are identified, rated by risk level, and fixed before release.
• Firmware Integrity Protection
The final firmware is protected using digital signatures, encryption, and security certificates during the build process. This ensures no one can secretly modify it.

3. Information Security Reports

Currently, there are no information security reports.

3.1 Known Third-Party Vulnerabilities: None
3.2 Security Updates and Patches: None
3.3 User Manual, Firmware Updates, and Patches

3.4 End-of-Life (EOL) Plan
EOL Announcement and Notification Process: Announced via the manufacturer’s official website.

N7-590
• Replacement Recommendation: HC1706
• Last Production Date: June 30, 2028
• Last Firmware Update: December 31, 2028
• Security Support Policy Until: December 31, 2028

4. Download Reporting File
File Name (Chinese Version): sm-qa-04-xx.a 產品漏洞揭露表.doc
File Name (English Version): SM-QA-04-XX.A Product Vulnerability Disclosure Form (English).doc

File Download Location:
https://drive.google.com/drive/folders/1UKmyEhp4aHT47C7gEFliDv27GtEK5ZKx?usp=drive_link

5. Reporting Contact
If there are any information security-related issues with our company's equipment, or if you need to notify us of an event, please download and complete the reporting file mentioned above and email it to brian_tang@sunnic.com, or call +886-2-87973566 ext. 1005.
