Product: Smart Thermostat
Model: TJ-225
Version: 2.2.0
5.7
/ 10.0
Evaluation Score
This product has satisfied the evaluation criteria below to earn a “Secure” rating from Affinity IoT Security Labs. Test results can be found below.
CASE NUMBER: VIN2021-10-5-17-7017
Evaluation Date: 10/29/2021
Evaluation Results:
Crititcal Criteria
57%
Important Criteria
60%
Valuable Criteria
33%
Critical Criteria
Important Criteria
Valuable Criteria
Critical Criteria
| Criteria | Yes/No |
| Does the product require a login to access administrative features ? |  |
| Does the product enforce strong password requirements ? | |
| Is it possible to easily update the product software ? | |
| Does the product support automated software updates ? |  |
| Does the product validate and reject unacceptable inputs ? | |
| Does the product support secure administrative access ? | |
| Does the product fail safely ? | |
Important Criteria
| Criteria | Yes/No |
| Does the product feature anti-robot brute-force protection ? | |
| Does the product support multi-factor authentication ? | |
| Does the product allow administrative accounts to be created ? | |
| Does the product allow the default administrative accounts to be removed/disabled ? | |
| Does the product encrypt the information that it stores ? | |
| Does the product encrypt its communications with other devices ? | |
| Does the product authenticate other devices and components it interacts with ? | |
| Does the product authenticate the update server ? | |
| Does the product fully redact its make, model, and software version in non-admin comms ? | |
| Does the product securely log access events ? | |
Valuable Criteria
| Criteria | Yes/No |
| Does the product verify downloaded software updates via digital signature ? | |
| Does the product feature any DoS resistance features ? | |
| Does the product resist physical tampering ? | |