Booth number 5469-6

ONEKEY is a specialist for automated security & compliance analysis for OT & IoT. Using automatically generated "Digital Twins" and "Software Bill of Materials" of devices,

About us

ONEKEY is a leading European specialist in product cybersecurity. The unique combination of an automated security & compliance software analysis platform and consulting services by cybersecurity experts provides fast, comprehensive analysis and solutions in the area of IoT/OT product cybersecurity. Building upon automatically generated "Digital Twins" and "Software Bill of Materials (SBOM)" of devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, all without source code, device, or network access. Vulnerabilities and security risks are identified in the shortest possible time and can thus be remediated in a targeted manner. The easy-to-integrate solution enables manufacturers, distributors, and users of IoT technology to quickly and continuously perform 24/7 security and compliance audits throughout the product lifecycle. Leading international companies in Asia, Europe, and America are already successfully benefiting from the ONEKEY platform and experts.

Kaiserswerther Str. 45
40477 Duesseldorf

Phone: +49 211 15874104

Contact person

Jan C. Wendenburg
Phone: +49 171 5555312

Products & Services

ONEKEY provides fully automated binary analyses of IoT firmware - without the need for source code, network connectivity, or physical device access. The platform delivers instant results, comprehensive reports, and is available as a cloud service or as a customizable on-premises solution.

Analysis capabilities include best-in-class online cryptographic analysis, information leakage detection, and firmware comparison, covering detection of hard-coded passwords, outdated components, insecure configurations or coding patterns, and more.

The integrated Compliance Checker detects violations of international regulatory standards, such as ETSI 303 645, ENISA Baseline Security Recommendations for IoT, OWASP TOP 10 IoT 2018, or DIN SPEC 27072.

ONEKEY Monitoring offers the continuous analysis of rolled out firmware images throughout their entire product lifecycle.

The powerful API integrates with risk management and software development tools such as Jira, GitLab, etc.

Product Security Platform

Automated security & compliance from product design to End-of-Life, including binary analyses of IoT firmware, without source code, network, or physical access. Results in minutes, available as SaaS or on-premises. Analysis includes automated SBOMs, zero-day vulnerability detection & CVE matching, online cryptographic analysis, information leakage detection & firmware comparison. The Compliance Checker detects violations of international regulatory standards, e.g. IEC 62443, EU Cyber Resilience Act, etc.

Product Security Services

ONEKEY offers comprehensive security services for products, including SDLC Assessment & Gap Analysis, Threat Modeling, Design & Architecture Review, Security Test Automation, Configuration Review, Source Code Review, Penetration Test, Independent 3rd Party Assessment, Conformity Testing, Firmware Extraction & Decryption, Security Monitoring, & Vulnerability Triage & Mitigation Support. We will assist you throughout the product lifecycle by understanding your threat landscape and attack surface.

News & Innovations

ONEKEY: New Release of Cybersecurity Software finds the most dangerous IoT Vulnerabilities

ONEKEY is releasing new software to detect previously unknown vulnerabilities, including zero-day threats. The software performs an automated analysis of binary code and identifies all device components, matching them against international databases. It detects potential security problems such as outdated cryptography and hard-coded credentials, in addition to 0-day vulnerabilities. The platform provides information on where each vulnerability is located in the code, helping customers quickly isolate and fix the issue. The new version of ONEKEY software also provides a transparent listing of software components in SBOMs and detects private keys, which can easily be exploited as a potential backdoor. The threat level classification has been expanded to include “critical” and “informal”. ONEKEY is working intensively on automating their software to find known and unknown risks to better protect businesses that have a lot of network-connected technology in use.

Security Advisory: Remote Command Execution in binwalk

A security vulnerability was discovered in ReFirm Labs' binwalk software. The issue is a path traversal vulnerability that affects versions 2.1.2b to 2.3.2. The vulnerability allows remote attackers to execute arbitrary code on systems where the software is installed. The target must open a malicious file using binwalk's extract mode for the exploit to be successful. No vendor advisory or fixed version has been released at the time of the advisory, but the vulnerability has been assigned CVE-2022-4510 and has a high CVSS score of 7.8. The path traversal was discovered by ONEKEY Research Lab.

EU Cyber Resilience Act: What to watch out for now

The EU Commission's Cyber Resilience Act aims to increase the security level of connected devices by making manufacturers, importers, and distributors responsible for creating secure devices and maintaining that level of security throughout the product's life-cycle. The act is a response to the widespread low level of cybersecurity of connected devices and the increasing threat landscape, which caused global annual costs of more than EUR 5.5 trillion in 2021. The regulation mandates the implementation of mature cybersecurity processes, a reporting obligation for actively exploited vulnerabilities, a duty to monitor and mitigate vulnerabilities during the expected product lifecycle, and an obligation to publish security information and how to securely install and operate devices. In the future, manufacturers and distributors must inform ENISA, the European Union Agency for Cyber Security, within 24 hours when a security vulnerability is exploited. ONEKEY offers a Real-Time Monitoring service to help customers stay compliant with the Cyber Resilience Act by receiving immediate notifications of security vulnerabilities and incidents and offering automatic notification to ENISA. Local market surveillance authorities in each member state will be responsible for implementing and enforcing the directive.
