Product security: advancing secure and reliable modules for a smarter, connected world
Contact us today to learn more about how our secure IoT solutions can support your business
Get in touch
At Quectel, product security isn’t an afterthought — it’s in our DNA. Recognizing the pivotal role IoT modules play in shaping our connected world, we’re committed to implementing robust security measures at every stage of our product lifecycle. With our multifaceted approach to security, Quectel’s IoT modules are designed to adhere to industry best practices and standards, while also staying ahead of the evolving security landscape.
In line with our commitment to providing top-notch security for our modules, we have joined forces with Finite State, the US-based leader in enterprise software supply chain risk management. Through this collaboration, we aim to reinforce the security of our modules by subjecting them to rigorous security testing, improving software supply chain visibility, and implementing comprehensive software risk management measures.
By addressing the ever-changing regulatory landscape and delivering verifiable information on secure software development practices, this partnership offers our customers the peace of mind they deserve. Our dedication to ensuring compliance and security within Quectel’s product suite is unwavering, emphasizing transparency, regulatory adherence, and a steadfast pursuit of industry-leading security standards. The alliance with Finite State is a vital component of our broader initiative to achieve these goals and solidify our customers’ trust in our products.
Our dedicated customer support team is readily available to address any security concerns or inquiries you may have. In the event of a security incident, our established incident response plan facilitates swift investigation, containment, and recovery.
Benefits of our product security: building trust through transparency
Threat protection: Our security-first approach enables device OEMs to defend against a wide array of security threats, ensuring their data and systems are secured.
Trustworthy connectivity: Our modules establish a trusted, secure connection, enabling seamless, secure wireless communication.
Future-proof solutions: Regular security updates, working with leading third-party security firms, and adapting to emerging threats keep your IoT deployments secure.
We provide regular transparency reports detailing the nature, number, and severity of vulnerabilities identified, along with our response timelines.
We implement top-tier data protection measures to ensure customer data is securely handled during device usage, storage, and transmission.
Our core product security principles
Security by design
Quectel’s IoT modules are developed with security at the core. From product architecture to firmware/software development, we incorporate leading industry practices and standards, mitigating potential vulnerabilities from the get-go.
Comprehensive security testing
We don’t just test our modules — we challenge them. Leveraging vulnerability assessments, penetration testing, static application security testing, software composition analysis, and other rigorous methodologies, we ensure our modules stand tall against potential threats.
Regular updates and continuous protection
Security is a journey, not a destination. We proactively address vulnerabilities by regularly releasing firmware and software updates to safeguard your IoT deployments.
Secure supply chain
Our secure hardware and software supply chain emphasizes component security and mitigates risks associated with tampering or counterfeit materials. We maintain close relationships with all third-party software suppliers to ensure the timely application of security updates and remediation.
Transparency and software bill of materials (SBOMs)
We incorporate select security practices like generating SBOMs and VEX files as well as performing firmware binary analysis into our secure software development lifecycle.
Click here to access available SBOMs and VEX files.
Regulatory compliance
Our IoT modules comply with global and regional security and privacy regulations. We actively collaborate with recognized certification organizations to foster a culture of compliance and customer trust.
Click here to learn more about the regulatory bodies we collaborate with.
Contact our Product Security Incident Response Team
If you have discovered a potential security vulnerability in a Quectel module, please let us know via this form. Our Product Security Incident Response Team (PSIRT) is committed to resolving vulnerabilities in a timely and responsible manner.