Enhancing Security for QEPR’s GPS Keyfob System

About the Client

QEPR specializes in cutting-edge loss prevention solutions, offering technology that protects personal items from being lost or stolen. Their flagship product is a GPS-enabled keyfob that combines advanced technology with user-friendly design. The complete, patented system includes a keyfob, smartphone tag, and concierge member support, providing a reliable way to track and retrieve lost items.

Project Background

As QEPR prepared to transition from prototype version 1 to a robust version 2, they recognized the need to enhance the security of their product. With the integration of complex technologies like Bluetooth, NB-IoT, and an embedded SIM card (eSIM), ensuring the security of the device, mobile application, and web portal was paramount. They sought to implement a Secure Software Development Life Cycle (SDLC) and conduct thorough penetration testing before launching to the market.

The Challenge

• Secure Product Development: QEPR needed to design a secure architecture for their IoT device and associated applications without compromising on battery life and user experience.
• Integration of Advanced Technologies: Addressing security concerns related to Bluetooth connectivity, NB-IoT communication, and eSIM functionality.
• Energy Consumption vs. Security: Finding the optimal balance between implementing robust security measures and maintaining efficient battery usage.
• Comprehensive Testing: Conducting multiple rounds of penetration testing at different development stages to identify and mitigate vulnerabilities.

Solution

Iterasec partnered closely with QEPR to address these challenges through a multifaceted approach:

1. Secure Architecture Development
   • Security Requirements Definition: Established detailed security and architectural requirements for the device, mobile app, and web portal.
   • Technology Expertise Application: Leveraged our knowledge in Bluetooth and NB-IoT to design secure communication protocols.
   • Battery Optimization Strategies: Developed security controls optimized for low energy consumption, ensuring minimal impact on battery life.
2. Implementation of Secure SDLC
   • Integration of Security Practices: Embedded security considerations into every phase of the development lifecycle.
   • Team Collaboration: Worked alongside QEPR’s development team to instill a culture of security awareness.
   • Ongoing Support: Provided continuous guidance to adapt security measures as the project evolved.
3. Penetration Testing Services
   • Multiple Testing Phases: Conducted initial, intermediate, and final penetration tests to systematically identify and resolve security issues.
   • Holistic Approach: Tested the IoT device, mobile applications (iOS and Android), and web portal to ensure end-to-end security.

Results and Outcome

• Enhanced Security Posture: Successfully implemented a secure architecture that protected user data and device integrity without sacrificing performance.
• Optimized Energy Efficiency: Achieved a balance between robust security measures and battery life, ensuring the device remained practical for everyday use.
• Improved Product Readiness: Identified and mitigated vulnerabilities early, leading to a smoother path to market launch.
• Empowered Development Team: QEPR’s team gained valuable insights into secure development practices, benefiting future projects.