Quectel Wireless Solutions, a global IoT solutions provider, today announces that, according to a recent milestone report by Finite State, an independent third-party cybersecurity firm, nearly 95% of all Quectel modules shipped to the United States since the beginning of 2022 have industry-leading security scores based on penetration testing and binary analysis by Finite State.
The report highlights a notable enhancement in Quectel’s security position, expanding the number of modules tested and with scores across the tested modules improving from an average of 33 to 18, up from an average of 62 to 24 in previous testing. This represents a substantial improvement, as both the initial and revised scores significantly surpass the industry average of 98 with the lowest (best) score of 10. Further, the number of and severity of vulnerabilities Finite State did identify in Quectel products or modules are significantly less than the industry standard and revealed a very limited attack surface. Those issues Finite State did discover have been quickly remedied by Quectel.
This advanced phase of testing leverages Finite State’s security technologies and expertise to conduct an exhaustive third-party evaluation of Quectel’s modules. The advanced testing encompasses an array of sophisticated security assessments designed to fortify Quectel’s modules against the evolving landscape of cyber threats, including binary analysis of numerous Quectel products and both penetration testing and binary analysis of several Quectel cellular modules.
“Entering this next phase of security testing with Finite State underscores our relentless pursuit of the highest security standards for our products,” stated Norbert Muhrer, President and CSO, Quectel Wireless Solutions.
“Our continued collaboration is a reflection of our commitment to exceed industry security expectations, ensuring our customers benefit from the most secure and reliable communication modules available – tested and verified by one of the most trusted US cyber security firms. We’re thrilled that the latest report from Finite State demonstrates our commitment and progress.”
The continued integration of Finite State into Quectel’s transparency and security program reaffirms Quectel’s commitment to pioneering unparalleled security practices in the IoT and telecommunications sectors. Quectel has made a measurable improvement in key areas such as the security health of the code, the sophistication of the vulnerability management process, and the transparency of its software supply chain.
The program is strategically designed with three key goals to address the pressing issues in cybersecurity today:
Implementing the Finite State Platform into Quectel’s DevSecOps procedures, which enhances firmware binary analysis, manages vulnerabilities efficiently, and offers specific recommendations for remediation.
Developing and sharing Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX) documents for each of Quectel’s products, which promotes a transparent environment and provides critical insights into the software components of Quectel’s devices along with any vulnerabilities they may contain.
Conducting comprehensive manual penetration tests by Finite State’s expert Red Team, which augments automated testing methods and delivers detailed security evaluations for Quectel’s product line.
Matt Wyckhouse, CEO of Finite State, commented, “Progressing to this next phase of security testing demonstrates Quectel’s commitment to leading the industry with transparent, rigorous cybersecurity practices. Quectel’s willingness to subject their products to such rigorous scrutiny is commendable and sets a new industry standard to further safeguard the IoT ecosystem.”
The outcome of this continued engagement is anticipated to enhance the security framework of Quectel’s modules and inspire a shift towards more rigorous security standards across the telecommunications industry. Quectel is dedicated to sharing insights and best practices gleaned from this process, contributing to a safer, more secure digital future.
In addition to the activity with Finite State, Quectel is actively pursuing collaboration with multiple standards-setting organizations to enhance and commit to a more rigorous set of security requirements. This initiative aims to achieve key security certifications from both industry and governmental bodies, underlining Quectel’s dedication to advancing security standards within the sector.