Security strategy
Public feedback interface
Security researchers can notify Linkplay of security vulnerabilities in devices.
Linkplay official website
https://linkplay.com
Contact of Linkplay’s security department
Security report from independent security expert
Linkplay has signed a partnership with Security Corporation, who will provide a security test report for Linkplay’s devices.
Software vulnerability monitoring
Monitor the public information of the following websites through regular and continuous monitoring.
CVE (http://cve.mitre.org/)
NVD (https://nvd.nist.gov/)
Statement of Compliance on Security Software Updates
Linkplay Technology, Inc. hereby declares compliance for the products under its purview with security standards outlined in Schedule 1 of The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 in accordance with the Product Security & Telecommunications Infrastructure Act 2022 mandated by the UK government.
Linkplay commits to delivering software security updates for the listed products for at least 2 years from their launch date, as detailed in the table below. These updates are accessible and manageable through the 'More' section of the WiiM Home mobile application.
Module Table
Linkplay Modules Launch Date Security Update Period
W98 Jan. 1, 2026 Dec. 31, 2029
Product Table
Linkplay Products Launch Date Security Update Period
WiiM Mini Sep. 26, 2021 Dec. 31, 2029
WiiM Pro Oct. 20, 2022 Dec. 31, 2029
WiiM Pro Plus Aug. 8, 2023 Dec. 31, 2029
WiiM Amp Nov. 22, 2023 Dec. 31, 2029
WiiM Amp Pro Aug. 15, 2024 Dec. 31, 2029
WiiM Ultra Jul. 6, 2024 Dec. 31, 2029
WiiM Wake-up Light Apr. 11, 2023 Dec. 31, 2029
WiiM CI MOD S Sep. 5, 2024 Dec. 31, 2029
WiiM CI MOD A80 Sep. 5, 2024 Dec. 31, 2029
WiiM Vibelink Amp Mar. 15, 2025 Dec. 31, 2029
WiiM Sub Pro Jun. 30, 2025 Dec. 31, 2029
WiiM Sound Sep. 15, 2025 Dec. 31, 2029
WiiM Bar May. 30, 2026 Dec. 31, 2029
Software maintenance update strategy
Monitor version updates for third-party components and update to the latest version to avoid the existence of known vulnerabilities. Fixes for severity vulnerabilities will be bundled in existing updates.
When any vulnerability is identified, update the firmware as follows:
1. Vulnerabilities identified by customers, users, etc.
2. A security related review meeting must be held immediately and the corresponding solution needs to be presented.
In particular, participants must include security technology manager, project development manager, firmware architecture manager, and Technical Director.
CVSSv2 will be used as a reference standard for assessing and prioritizing vulnerability.
3. According to the solution, the developer performs the specific implementation.
4. Code review. Reviewers should include security technology manager and project development.
5. Release firmware.
6. QA team test the firmware. If there are any problems, go back to step three.
7. Code merged into trunk branch.
8. The project manager notify customers that they need to update the software and get customer’s upgrade confirmation.
9. Perform OTA on the corresponding project.
Security response plan
If security incident arises, the incident must be treated as the highest priority urgent in 72 hours. CEO and CTO must be aware of this incident and participate in incident handling. If the incident is a software maintenance issue, then it will be handled according to the process of the “Software maintenance update strategy” in this document. A tripartite meeting should be held immediately. The participants are Linkplay, OEMS. The meeting needs to collect information, clarify the situation of the accident, and estimated timelines for remediation of an incident. If there is a special major impact incident, Linkplay will discuss the timelines for remediation with customer.