ONEKEY (formerly IoT Inspector)

Booth number North Hall 5671-21

onekey.com

ONEKEY is the leading European platform for automated security & compliance analysis for industrial (IIoT & ICS), manufacturing (OT) and Internet of Things (IoT) devices.

About us

ONEKEY (formerly IoT Inspector) is the leading European platform for automated security & compliance analysis for industrial (IIoT & ICS), manufacturing (OT) and Internet of Things (IoT) devices. Using automatically generated "Digital Twins" and "Software Bill of Materials (SBOM)" of devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, all without source code, device, or network access. Vulnerabilities and security risks are identified in the shortest possible time and can thus be remedied in a targeted way. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors, and users of IoT technology to check security and compliance quickly and automatically before use and 24/7 throughout the product lifecycle. Leading companies such as SWISSCOM, VERBUND AG and ZYXEL are using this platform today - universities and research institutions can use the ONEKEY platform for study purposes free of charge.

Address
ONEKEY (formerly IoT Inspector)
Kaiserswerther Str. 45
40477 Düsseldorf
Germany

Phone: +49 211 1587 4104
Internet: onekey.com

Products and Services

ONEKEY provides fully automated binary analyses of IoT firmware - without the need for source code, network connectivity, or physical device access. The platform delivers instant results, comprehensive reports, and is available as a cloud service or as a customizable on-premises solution.

Analysis capabilities include best-in-class online cryptographic analysis, information leakage detection, and firmware comparison - covering detection of hard-coded passwords, outdated components, insecure configurations or coding patterns, and more.

The integrated Compliance Checker detects violations of international regulatory standards, such as ETSI 303 645, ENISA Baseline Security Recommendations for IoT, OWASP TOP 10 IoT 2018, or DIN SPEC 27072.

ONEKEY Monitoring offers the continuous analysis of rolled out firmware images throughout their entire product lifecycle.

The powerful API integrates with risk management and software development tools such as Jira, GitLab, etc.

News & Innovations

Protection against critical security gaps in telecommunication networks: ONEKEY saves Swisscom $400k per avoided faulty software rollout and update
With a turnover of over 10 billion euros and almost 20,000 employees, Switzerland’s technology and telecommunications company Swisscom is the industry leader in its country. Any defective rollout of routers, hotspots, repeaters and other device firmware would not only damage the company’s reputation, but also generate massive expenses. On average, each defective rollout is estimated to cost €350,000. Swisscom carries out several dozen such rollouts per year, and in the case of serious errors such as critical vulnerabilities, the company would have to repeat the entire process.

Using technology from ONEKEY, a company specializing in automated IoT security, Swisscom checks every piece of firmware and any updates for security breaches, risks, and gateways for potential hacker attacks. Swisscom currently has close to two million such devices in circulation among its customers. “We use the ONEKEY platform to check every piece of software for potential risks before it even reaches release candidate status, at which point they are immediately analyzed and fixed. This allows us to effectively secure new features and interfaces,” says Giulio Grazzi, Senior Security Consultant at Swisscom.

Critical security vulnerabilities in Realtek chips affect more than 65 hardware manufacturers
ONEKEY's researchers recently disclosed security issues in Realtek chips that affect a long list of manufacturers: AsusTEK, Belkin, D-Link, Edimax, Hama, Logitec, Netgear, and many more equip their Wi-Fi devices with software development kits (SDKs) from Realtek. A vulnerability within the Realtek RTL819xD module allows hackers to gain complete access to the device, installed operating systems and other network devices.

A successful attack would provide full control of the Wi-Fi module, as well as root access to the embedded device’s operating system. There is currently far too little security awareness for IoT devices – neither among users, nor among manufacturers, who blindly rely on components from other manufacturers in their supply chain without testing them. As a result, these components or products become an unpredictable risk for companies across all industries.

Severe SDK vulnerabilities at Broadcom due to copy-paste engineering
Hardware components from Broadcom can be found in numerous devices from leading vendors such as Cisco, DD-WRT or Linksys. ONEKEY recently reported that significant vulnerabilities lie deep in the software development kit (SDK). The ONEKEY Research Lab team exposed vulnerabilities that have been a common thread throughout products built on Broadcom for more than a decade, providing a welcome entryway for hackers.

In addition to the issue of the unmonitored supply chain — i.e., the use of hardware without prior risk verification — what stands out here is how serious the consequences of copy-paste engineering can be: Although Broadcom published a patch as early as 2011, leading manufacturers repeatedly built these vulnerabilities into products as they rely on a faulty version of the SDK.

ONEKEY is the leading European platform for analyzing device firmware, and regularly uncovers vulnerabilities at component or device manufacturers.
