How Swisscom saves $400,000 per avoided IoT security incident through automated firmware analysis

Protection against critical security gaps in telecommunication networks

Bad Homburg, October 28th, 2021 – With a turnover of over 10 billion euros and almost 20,000 employees, Switzerland’s technology and telecommunications company Swisscom is the industry leader in its country. Any defective rollout of firmware for routers, hotspots, repeaters and other devices would not only damage the company’s reputation, but also generate massive expenses. On average, each defective rollout is estimated to cost €350,000. Swisscom carries out several dozen such rollouts per year, and in the case of serious errors such as critical vulnerabilities, the company would have to repeat the entire process. Using technology from IoT Inspector, a company specializing in automated IoT security, Swisscom checks every piece of firmware and every update for security gaps, risks, and entry points for potential hacker attacks. Swisscom currently has close to two million such devices in circulation among its customers. “We use the IoT Inspector platform to check every piece of software for potential risks before it even reaches release candidate status, at which point they are immediately analyzed and fixed. This allows us to effectively secure new features and interfaces,” says Giulio Grazzi, Senior Security Consultant at Swisscom.

Supply chain for IT products often questionable

Almost all IT products carry a risk, because the technologies they integrate, among them chipsets, Wi-Fi modules, and many other electronic components, are purchased from a variety of suppliers and then installed. “Many manufacturers’ components are used in the production of IT devices without the respective firmware being subjected to a comprehensive security check. By using a module from a third-party manufacturer, for example, a purchased Wi-Fi module becomes a potentially unacceptable risk. Our analysis also uncovers these vulnerabilities and facilitates their remediation,” explains Jan Wendenburg, CEO of IoT Inspector. Swisscom has been using the technology since 2015 and has been able to increase the level of security and prevent additional costs due to faulty firmware images. IoT Inspector’s testing procedure is automated and integrated into Swisscom’s standard development process. Swisscom holds a 60% market share in mobile and broadband, and the use of IoT devices will continue to grow.

Swisscom’s own IoT business model

For business customers, Swisscom is going one step further by integrating IoT Inspector’s security checks into its own solutions. In this way, the telecommunications service provider creates its own IoT ecosystem with gateways as well as IoT management. This is made possible by in-depth security checks for all components in the chain between provider and customer, which take place during planning, implementation and ongoing operation. As a result, Swisscom can also provide critical IT services such as remote maintenance of machinery and equipment. “All facilities in the IoT field need a new and integral security thinking to seal off supplier devices against risks. It applies to the setup as well as to any update of the IoT devices in use,” outlines Wendenburg. IoT Inspector is one of the largest security platforms for IoT security and regularly exposes major vulnerabilities in technology products that would otherwise have been overlooked due to unclear component supply chains.

For more details on how Swisscom increases security ROI by using IoT Inspector, make sure to check out our whitepaper!