How Swisscom saves $ 400,000 per avoided IoT security incident through automated firmware analysis

Protection against critical security gaps in telecommunication networks

Bad Homburg, October 28th, 2021 – With a turnover of over 10 billion euros and almost 20,000 employees, Switzerland’s technology and telecommunications company Swisscom is the industry leader in its country. Any defective rollout of routers, hotspots, repeaters and other device firmware would not only damage the company’s reputation, but also generate massive expenses. On average, each defective rollout is estimated to cost €350,000. Swisscom carries out several dozen such rollouts per year, and in the case of serious errors such as critical vulnerabilities, the company would have to repeat the entire process. Using technology from IoT Inspector, a company specializing in automated IoT security, Swisscom checks every piece of firmware and any updates for security breaches, risks, and gateways for potential hacker attacks. Swisscom currently has close to two million such devices in circulation among its customers. “We use the IoT Inspector platform to check every piece of software for potential risks before it even reaches release candidate status, at which point they are immediately analyzed and fixed. This allows us to effectively secure new features and interfaces,” says Giulio Grazzi, Senior Security Consultant at Swisscom.

Supply chain for IT products, often questionable

There is a risk associated with almost all IT products as the technologies they integrate are purchased from a variety of suppliers and then installed, among which are chipsets, Wi-Fi modules, and many other electronic components. “Many manufacturers’ components are used in the production of IT devices without the respective firmware being subjected to a comprehensive security check. By using a module from a third-party manufacturer, for example, a purchased Wi-Fi module becomes a potentially unacceptable risk. Our analysis also uncovers these vulnerabilities and facilitates their remediation,” explains Jan Wendenburg, CEO of IoT Inspector. Swisscom has already been using the technology since 2015 and has been able to increase the level of security and prevent additional costs due to faulty firmware images. IoT Inspector’s testing procedure is automated and integrated into Swisscom’s standard development process. With a 60% market share in mobile and broadband, the use of IoT devices will continue to grow.

Swisscom’s own IoT business model

For business customers, Swisscom is going one step further by implementing IoT Inspector’s security checks into its own solutions. This way, the telecommunications service provider creates its proper IoT ecosystem with gateways as well as IoT management. This is made possible through the in-depth security checks for all components in the chain between provider and customer, which take place during planning, implementation and ongoing operation. As a result, Swisscom can also provide critical IT services such as remote maintenance of machinery and equipment. “All facilities in the IoT field need a new and integral security thinking to seal off supplier devices against risks. It applies to the setup as well as to any update of the IoT devices in use,” outlines Wendenburg. IoT Inspector is one of the largest security platforms for IoT security and regularly exposes major vulnerabilities in technology products that would otherwise have been overlooked due to unclear component supply chains.

For more details on how Swisscom increases security ROI by using IoT Inspector, make sure to check out our whitepaper!


ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.



Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150