Firmware code audit for the KONVOI truck security solution
KONVOI offers the first preventive, technologically updateable security solution for parked trucks to protect against vehicle damage, cargo theft, and driver assaults. Sensors continuously monitor the close environment of the trucks and initiate individually set preventive measures before any damage happens. The collected data is transmitted to an IoT cloud and enables multiple data services such as planning more secure routes, support in insurance claims settlements, and a real-time security promise for the supply chain.
The challenge
The client wanted a code audit of the firmware part of its truck security solution to professionalize the firmware code and ensure the high quality and security of the embedded system before mass production.
Delivered value
The KONVOI team entrusted the firmware code audit to Lemberg Solutions as a credible ISO-9001 and ISO-27001 certified development partner with broad expertise in embedded development projects. Our embedded engineers reviewed the firmware code in depth and provided code improvements for the KONVOI in-house development team.
The process
KONVOI develops the system under high security and industry requirements. Consequently, the KONVOI team decided to obtain a professional and independent assessment of the current firmware code created by their in-house engineers before entering the global market.
The request was to review the part of the system that is responsible for sensor data collection and transmission to the cloud. Once the primary tasks were defined, we dedicated an experienced embedded engineer to conduct a professional and extensive firmware code audit to reveal critical and non-critical system errors, potential system bugs, and security vulnerabilities, and to improve the overall code quality.
We created a UML class diagram that helped us understand the code topology and get better acquainted with the code structure. Then, we thoroughly explored the project structure and firmware code architecture to prepare for deep code analysis.
We examined each code module in detail, looking for potential bugs and code improvements related to the functions and tools used and to code style, to make the firmware more resistant to system errors and prevent unexpected system behavior.
As a result, we provided the client with documentation of the detected system vulnerabilities and recommendations on the changes required to improve the code quality.
At this point, we have successfully completed the tech audit of the firmware part and are discussing the next touchpoints in our cooperation.
How it works
We rely on competent partners for professionalization in our company. We had already been maintaining relations with Lemberg for several years and were considering cooperation. First of all, Lemberg prepared a detailed estimation of the cooperation. The project was completed faster than announced and within the set budget. We are happy about the trustful cooperation and look forward to further projects in the future.