IoT module security report
Securing the cellular IoT ecosystem: trends, regulations, and supply chain best practices
Read report
The world is becoming ever more connected, but it must be secured
IoT module security has never been more important: IoT Analytics estimates that IoT devices reached 18.8 billion by the end of 2024, rising by 13% on the previous year. As connected systems become more complex and more data is shared, the opportunities for fraud and other abuses increase – making responsible business practices an increasingly urgent requirement throughout the supply chain.
Software and network security solutions have historically overshadowed hardware security in IoT due to their visibility and simpler implementation, while hardware security is often more complex and costly. However, hardware-based security allows manufacturers and consumers to ensure module authenticity, addressing cloning, counterfeiting, and key protection.
IoT device security has been a particular area of focus among civic authorities and industry commentators across Europe and the US over the last year, and IoT module security is at the center of attention. In Europe, the Council of the European Union has adopted the EU Cyber Resilience Act, while in the US Executive Order 14028 mandates that federal software suppliers comply with the minimum elements of an SBOM set by the US Department of Commerce.
Software and network protections remain of course a vital aspect of IoT module security – in which Quectel plays a leading role – with robust SBOM and VEX practices for instance an essential duty to customers and the wider IoT ecosystem. But due attention must also be paid to hardware approaches – for example by auditing and verifying the hardware supply chain, with SoC vendors providing necessary origin verifications, and maintaining transparency on hardware origins to build trust with customers and regulators.
According to IoT Analytics approximately 29% of cellular IoT modules shipped in Q2 2024 had no dedicated protection features. Only 33% had hardware-based security, and 38% had non-hardware-based security that relies on embedded software mechanisms or integrated features within existing hardware to create a secure environment.
To improve IoT module security, vendors should establish a foundational layer of protection by using standard public key infrastructure (commonly referred to as PKI) technology and store using cryptographic techniques. The SoC can feature a trust zone or trusted execution environment, supporting cryptographic functions and secure key storage.
Read our free new report, produced in collaboration with IoT Analytics, to learn more about the trends, regulations, and supply chain best practices necessary to securing the cellular IoT ecosystem of today.