Secure by design, verified by Penthertz
Not every security engagement requires active exploitation. Our audits provide a structural analysis of your wireless systems and embedded products — evaluating design choices, configurations, and code against the standards that matter for your industry.
We analyze the security posture of your devices and infrastructure at the design, configuration, and implementation levels. Our auditors combine deep RF and hardware expertise with knowledge of telecom standards (3GPP, ETSI, GSMA), automotive regulations (UNECE R155, ISO 21434), and national frameworks (ANSSI, NIS2) to deliver assessments that hold up under regulatory scrutiny.
Whether you need a pre-certification review, a supplier security assessment, or a deep-dive into your wireless protocol implementation — we deliver actionable findings with clear remediation paths.
Our audit approach
- White-box analysis with full documentation access
- Standards-driven — 3GPP, ETSI, GSMA, ANSSI, ISO
- Expertise in wireless protocols at the specification level
- Reproducible findings with evidence
- Prioritized remediation recommendations
Audit Services
Configuration Audit
We review the configuration of your wireless infrastructure, embedded devices, network equipment, and cloud services against security best practices and your own policies. Misconfigurations are the root cause of most real-world breaches — we find them before attackers do.
Examples
- Telecom core network: firewall rules, routing, segmentation
- Wi-Fi enterprise: AP config, RADIUS, certificate management
- IoT platforms: device provisioning, cloud backend, OTA updates
- Embedded devices: firmware settings, exposed services, debug interfaces
- 5G / Open RAN: O-RU, O-DU, O-CU, RIC configuration
Architecture & Design Review
We evaluate the security architecture of your wireless systems, IoT platforms, and embedded products before or after deployment. We map the full attack surface, identify design weaknesses, and assess trust boundaries, catching structural issues that no amount of patching can fix later.
Scope
- Threat modeling: attack surface mapping, STRIDE/DREAD
- Protocol design: wireless protocol security analysis
- Key management: crypto architecture, key lifecycle
- Trust boundaries: secure boot, attestation, TEE
- Network segmentation: isolation, access control design
Source Code & Firmware Review
We review the source code of your firmware, protocol stacks, drivers, and embedded applications. We understand the RF and hardware-specific code patterns that appear in various stacks, and we catch the vulnerabilities in them.
What we review
- Firmware: C/C++, Rust, Go, embedded real-time code
- Protocol stacks: wireless protocol implementations
- Drivers: kernel modules, hardware abstraction layers
- Crypto implementations: custom or standard algorithms
- Third-party libraries: dependency analysis, known CVEs
Compliance & Standards Assessment
We assess your products and infrastructure against the regulatory frameworks and industry standards relevant to your sector. Whether you're preparing for certification, responding to regulatory requirements, or performing due diligence on a supplier — we map gaps and provide a clear path to compliance.
Standards & frameworks
- Telecom: 3GPP, ETSI, GSMA NESAS, and more
- Automotive: UNECE R155/R156, ISO/SAE 21434
- IoT: ETSI EN 303 645, IEC 62443
- National: ANSSI guidelines, NIS2, CRA
- Defense: classification-specific requirements
Typical Audit Missions
A few examples of audit missions we regularly perform for our clients across defense, telecom, automotive, and IoT sectors.