
Quectel IoT Modules Get High Security Scores From Cybersecurity Expert Finite State; Pioneering Cybersecurity Transparency Program Begins
Quectel Wireless Solutions, a global IoT solutions provider, announced today that extensive testing by Finite State, a major cybersecurity consultancy, shows that Quectel’s products substantially exceed industry standards and best practices in multiple security measures.
Quectel engaged Finite State, a third-party expert security firm focused on managing software supply chain risk for the enterprise, to rigorously test Quectel’s IoT modules to demonstrate Quectel’s commitment to transparent, verifiable product security.
The first progress report released to Quectel concludes that its modules’ security score, as reflected in Finite State's risk profiling, started strong when testing began earlier this year and got stronger rapidly as Quectel implemented Finite State’s recommendations. The score improved across the modules tested from an average of 62 to 24 with the highest possible score being 10. The report underlines that this is a significant improvement in Quectel’s security posture with both the initial and current scores far exceeding the industry average score of 98.
"Quectel has embraced security and transparency holistically, in a way that we rarely see from other organizations. Their commitment to make SBOMs and VEX reports available to their customers will make the IoT industry more secure and transparent," said Matt Wyckhouse, CEO of Finite State. "They have built upon their existing security testing processes by integrating even deeper testing into their first- and third-party code, and they've responded to findings in their development process faster than others in their industry, resulting in risk metrics that place them in the top 10% of all connected products we've analyzed," Matt Wyckhouse continued.
Finite State focused its initial penetration testing and analysis on the most critical Quectel cellular modules sold in the U.S. The platforms verified by Finite State represent approximately 70 percent of all North American IoT modules shipped within the last 18 months.
“Quectel plans to continue this third-party penetration testing and security verification for all of its most critical modules and to make it an ongoing and life-cycle process. We also encourage and assist our device original equipment manufacturers (OEMs) customers to do their own third-party testing,” said Norbert Muhrer, president and CSO of Quectel. “These results will guide Quectel as we continue to enhance our cybersecurity implementation on our products. We encourage our competitors to follow us on their own in such approach to make the IoT industry the safe and trusted place our customers expect it to be.”
In addition to penetration testing of its key modules, Quectel announced the release of Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX) documents for its IoT modules. As an industry-first among IoT module manufacturers, these resources will be made available through the Quectel website. The SBOM and VEX documents will assist customers in this crucial task by providing machine-readable, comprehensive data. The SBOM documents will detail the software components and dependencies within each IoT module, along with licensing and provenance information. The VEX files will provide updated data on the vulnerabilities identified and their status.
Providing SBOM and VEX documents has a cascading effect on the entire IoT ecosystem. As a Module provider, Quectel is integral to the architecture of numerous IoT devices. The transparency and commitment to security will benefit all IoT products built on Quectel’s platforms.
“Our commitment to being both secure and transparent sets us apart,” Muhrer said. “By making this information readily accessible, we aim to empower our customers to make better-informed decisions about security risk assessment and patching prioritization and provide full transparency around our security posture. We are offering a full tool-box of security related measures and consulting to our customers to implement secure devices. Quectel is also collaborating with standards-setting bodies to help develop and then commit to achieving a stringent set of security requirements, including attainment of several key industry and government security certifications,” Mr. Muhrer added.
Separately, Quectel reiterated that its modules maintain the highest standards of data protection and security. “Quectel customers own and control all of the data collected by its modules. Quectel has no access to any of the device data,” said Peter Fowler, senior vice president, North America, Quectel. “Quectel is committed to delivering high-quality, best-in-class, secure IoT modules and go above and beyond industry standard practices by conducting independent third-party cyber security audits.”
Quectel retained Finite State in May 2023 to audit and penetration-test the security of its modules. Its ongoing work includes rigorous security testing, improved software supply chain visibility, and comprehensive software risk management.
About Quectel
Quectel’s passion for a smarter world drives us to accelerate IoT innovation. A highly customer-centric organization, we are a global IoT solutions provider backed by outstanding support and services. Our growing global team of 5,900 professionals sets the pace for innovation in cellular, GNSS, Wi-Fi and Bluetooth modules as well as antennas and services.
With regional offices and support across the globe, our international leadership is devoted to advancing IoT and helping build a smarter world.
For more information, please visit: www.quectel.com, LinkedIn, Facebook, and X.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230926898165/en/
Contact information
Media: media@quectel.com
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Rocket Software to Acquire OpenText’s Application Modernization and Connectivity Business28.11.2023 22:20:00 CET | Press release
Rocket Software, Inc. (“Rocket Software”), a global technology leader driving modernization for the world’s largest companies, today announced it has signed a definitive agreement to acquire the Application Modernization and Connectivity business (AMC) of OpenText (NASDAQ: OTEX), (TSX: OTEX), which was formerly part of Micro Focus. The total purchase price is $2.275B. For decades, Rocket Software has been the partner solving complex IT challenges for the largest and most innovative organizations, across infrastructure, data, and applications. Rocket Software’s hybrid cloud strategy empowers customers to optimize their application portfolio wherever they are in their modernization journey, enabling them to bridge the gap to modern use cases without disrupting their mission-critical operations. This approach allows organizations to benefit from the mainframe's security and dependability while also taking advantage of powerful analytics tools in the cloud. AMC has been a leader in applica
NetApp and AWS Deliver a Nine Times Performance Increase for Amazon FSx for NetApp ONTAP28.11.2023 22:05:00 CET | Press release
NetApp® (NASDAQ: NTAP), the intelligent data infrastructure company, announced at re:Invent, scale-out FSx for ONTAP® file systems through its collaboration with AWS. Scale-out file systems offer up to nine times higher storage performance compared to existing file systems, enabling customers to run high-performance applications on AWS more quickly and efficiently. FSx for ONTAP enables customers to use ONTAP’s data management features for a wide variety of workloads, such as user and application file shares, relational databases (SAP HANA), data stores for VMware cloud on AWS and backup and disaster recovery. With the new enhancements, customers can now use FSx for ONTAP for a broader range of higher-performance use cases, such as high-performance computing (HPC), electronic design automation (EDA), visual effects (VFX) and film editing, life sciences, seismic analysis, machine learning, and generative AI. Organizations of all sizes are migrating on-premises workloads to AWS or deploy
Varberg Energi Selects Hansen to Power Intraday Trading28.11.2023 20:50:00 CET | Press release
Hansen Technologies (ASX:HSN), a leading global provider of software and services to the energy, water and communications industries, is pleased to announce Varberg Energi, a Swedish energy company, as a new Hansen customer. Varberg Energi, which has recently added physical-trading operations and balance responsibility to its services, will leverage Hansen Trade to enable this. The intraday trading solution within Hansen Trade will allow Varberg Energi to automate intraday trading operations and balance management. With Hansen Trade as part of its everyday operating infrastructure, Varberg Energi will be able to take advantage of physical trading operations without the need to spend significant time and effort on manual operations. Jens Nordberg, Head of Energy Trading, Varberg Energi, commented: “We have recently made a strategic decision to insource physical-trading operations and balance responsibility. Combined with our flexibility portfolio, we believe that this will create the ri
Abu Dhabi’s Advanced Technology Research Council launches ‘AI71’: New AI Company Pioneering Decentralised Data Control for Companies & Countries28.11.2023 18:16:00 CET | Press release
In an era of rapid advancements across artificial intelligence (AI), Abu Dhabi’s Advanced Technology Research Council (ATRC) is making yet another bold stride with the launch of its new AI company, AI71. The entity builds on the Technology Innovation Institute’s (TII) Falcon generative AI models and will focus on multi-domain specializations while offering unprecedented AI data control options for companies and countries looking to self-host for greater privacy. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231128549220/en/ H.H. Sheikh Khaled bin Mohamed bin Zayed Al Nahyan, Crown Prince of Abu Dhabi and Chairman of the Abu Dhabi Executive Council launches AI71 along with H.E Faisal Al Bannai, Secretary General, Advanced Technology Research Council (Photo: AETOSWire) The new AI powerhouse was launched by H.H. Sheikh Khaled bin Mohamed bin Zayed Al Nahyan, Crown Prince of Abu Dhabi and Chairman of the Abu Dhabi Executive Cou
Pixitmedia Amplifies Presence in US Market via Distribution and Reseller Agreement with JB&A28.11.2023 17:55:00 CET | Press release
pixitmedia, a Kalray company (Euronext Growth Paris: ALKAL) and a global leader in software-defined storage and data management and orchestration solutions for the media and entertainment industry, today announces expansion into the U.S. market by naming JB&A as its primary distribution partner. JB&A is a leading distributor of technology products and solutions serving a wide range of industries including broadcast, post-production, live events, and more. JB&A is a subsidiary of DCC, a leading international sales, marketing, and support services group worldwide. This strategic alliance translates into significant growth opportunities in the North America market for pixitmedia, whose solutions integrate with media and entertainment workflows to drive data management and storage efficiency both on premises and in the cloud. This partnership also sets the stage to speed deployment of both pixitmedia and Kalray solutions into the US market. US-based media and entertainment customers can no