AUTO-004 Automation · Security

IoT firmware security audit — vulnerabilities fixed, rollout delivered, NIS2 readiness evidence prepared.

200+ field devices patched
6 issues addressed
Hardening: secure OTA + logging
NIS2 readiness evidence

Baseline

An automation vendor built its products on third-party IoT control modules. After a security incident at another customer of the same manufacturer, it was clear that the modules' proprietary firmware, which no longer received updates from the manufacturer, had to be audited. More than 200 modules were deployed in the field, and the vendor's enterprise customers required a NIS2 evidence package.

Vulnerabilities found

ID · Finding · Severity
SEC-01 · Hardcoded admin credentials · Critical
SEC-02 · Stack overflow in HTTP parser (RCE) · Critical
SEC-03 · Weak transport encryption (incl. RC4) · High
SEC-04 · Missing input validation · High
SEC-05 · Debug services enabled in production · Medium
SEC-06 · No firmware signature verification (unsigned OTA) · Medium

Solution: hardening and security upgrade

Credentials

Removed hardcoded passwords → X.509 certificate authentication + BLE provisioning

Encryption

RC4 → AES‑256‑GCM for all connections. MQTT over TLS 1.3.

HTTP parser

Rewritten from scratch in hardened C++: explicit length validation and bounds checking on every field before it is copied, with static analysis in the build. This closes SEC-02 and SEC-04.
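The page does not publish the original or the rewritten parser, so the following is an added illustration, not the vendor's code: a constructed unsafe request-line parser in the spirit of SEC-02 beside a bounded one. The unsafe version takes its copy length straight from the request, so a path of 64 bytes or more overruns a fixed stack buffer. The hardened version bounds every scan by the caller-supplied length, every copy by the destination size, and validates method, path and version before accepting them, returning a distinct error code per rejected field. The buffer sizes, the accepted HTTP versions and the sample requests are assumptions chosen for the example; plain C is used so it compiles outside the project's build.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_LINE 256   /* longest request line the device accepts (assumed) */
#define MAX_PATH 64    /* longest path the device has routes for (assumed) */

/* "Before": constructed unsafe parser in the spirit of SEC-02, not the vendor's
 * code. The path length n comes straight from the request, so a path of
 * MAX_PATH bytes or more overruns the fixed stack buffer. */
int parse_path_unsafe(const char *req, char *path_out)
{
    char buf[MAX_PATH];
    const char *start = strchr(req, ' ');
    if (start == NULL) return -1;
    start++;
    const char *stop = strchr(start, ' ');
    if (stop == NULL) return -1;
    size_t n = (size_t)(stop - start);
    memcpy(buf, start, n);      /* no check that n < MAX_PATH */
    buf[n] = '\0';              /* writes past buf when n >= MAX_PATH */
    strcpy(path_out, buf);
    return 0;
}

typedef struct {
    char method[8];
    char path[MAX_PATH];
    char version[9];
} http_request_line;

/* Copy the token [start, stop) into dst, NUL-terminated. Fails on an empty
 * token or one that does not fit including the terminator. */
static int copy_token(char *dst, size_t dst_len, const char *start, const char *stop)
{
    size_t n = (size_t)(stop - start);
    if (n == 0 || n >= dst_len) return -1;
    memcpy(dst, start, n);
    dst[n] = '\0';
    return 0;
}

/* "After": every scan is bounded by the caller-supplied length, every copy by
 * the destination size, and each field is validated before it is accepted.
 * Returns 0 on success or a negative code naming the rejected field:
 * -1 bad arguments or oversize line, -2 method, -3 path, -4 version. */
int parse_request_line(const char *line, size_t len, http_request_line *out)
{
    if (line == NULL || out == NULL || len == 0 || len > MAX_LINE) return -1;
    memset(out, 0, sizeof *out);

    const char *p = line;
    const char *end = line + len;
    if (end - p >= 2 && end[-2] == '\r' && end[-1] == '\n') end -= 2;  /* drop CRLF */

    /* Method: uppercase ASCII token, bounded by sizeof out->method */
    const char *sp = memchr(p, ' ', (size_t)(end - p));
    if (sp == NULL) return -2;
    for (const char *q = p; q < sp; q++)
        if (*q < 'A' || *q > 'Z') return -2;
    if (copy_token(out->method, sizeof out->method, p, sp) != 0) return -2;
    p = sp + 1;

    /* Path: starts with '/', printable ASCII only, bounded by MAX_PATH */
    sp = memchr(p, ' ', (size_t)(end - p));
    if (sp == NULL || p == sp || *p != '/') return -3;
    for (const char *q = p; q < sp; q++) {
        unsigned char c = (unsigned char)*q;
        if (c < 0x21 || c > 0x7e) return -3;   /* control bytes, DEL, non-ASCII */
    }
    if (copy_token(out->path, sizeof out->path, p, sp) != 0) return -3;
    p = sp + 1;

    /* Version: exactly HTTP/1.0 or HTTP/1.1 and nothing after it */
    if ((size_t)(end - p) != 8) return -4;
    if (memcmp(p, "HTTP/1.0", 8) != 0 && memcmp(p, "HTTP/1.1", 8) != 0) return -4;
    memcpy(out->version, p, 8);
    return 0;
}

/* Convenience wrapper for NUL-terminated request lines. */
int check_request(const char *req, http_request_line *out)
{
    return parse_request_line(req, strlen(req), out);
}

int main(void)
{
    http_request_line r;
    /* Constructed sample requests: a benign one and a 71-byte path that would
     * smash the stack in parse_path_unsafe. */
    const char *benign = "GET /status HTTP/1.1\r\n";
    const char *overlong = "GET /" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
                           "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" " HTTP/1.1";

    int rc = check_request(benign, &r);
    printf("benign:   rc=%d method=%s path=%s version=%s\n", rc, r.method, r.path, r.version);
    rc = check_request(overlong, &r);
    printf("overlong: rc=%d (rejected before any copy into path[])\n", rc);
    return 0;
}
```

The error codes matter operationally: the rejected field can go straight into the audit log described below without logging the attacker-controlled bytes themselves.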

Secure boot

Firmware images are signed with RSA-2048. The device accepts only OTA images whose signature verifies, and rollback protection refuses to install an image older than the version already running, so a known-vulnerable build cannot be pushed back onto the fleet. This closes SEC-06.

Debug services

Fully disabled in production mode, gated by a hardware jumper instead of a software flag: a flag can be flipped again by anyone who gains configuration or code access, whereas the jumper requires physical access to the board. This closes SEC-05.

Audit logging

Full audit log of connections, configuration changes and alarms, each entry timestamped.

Rollout: 200+ modules in waves

OTA update in waves (20% → 50% → 100%) with continuous monitoring. Typical update time per module: a few minutes. Rollout completed within weeks.

Six security issues addressed and validated
Post-hardening security testing performed; findings addressed
Technical evidence package prepared for NIS2 readiness
Secure OTA and audit logging added for fleet operations
Crash-related downtime reduced in operation (site-specific)

IoT devices in the field — how secure is your firmware?

Firmware security audit: we analyze, find vulnerabilities, and deliver hardened firmware.
