Request a demo

Detecting Undeclared Sanctioned Hardware via Firmware Analysis

Case Study

Challenge

While investigating potential risks involved in introducing a popular industrial communications device into a high-assurance environment, a security researcher was seeking attribution and provenance of the embedded software on the device. Product histories can be complex, especially in operational technology (OT) products where firmware contains a tremendous amount of proprietary software and legacy devices abound. Although the device was available on the U.S. GSA schedule, the companies behind the product had undergone multiple M&As, so the question arose – were there any hidden risks in this device? 

No source code was available. Binary analysis of firmware is reliable but difficult without the right technology and security analysis: 

  • Requires a massive corpus of proprietary data for legacy devices. 
  • The data is not obtainable in open source. 
  • Much of the data is proprietary and can’t be jobbed out to a contractor 

Solution

The Exiger cyber solution, using binary analysis on the device’s firmware, uncovered embedded Huawei modem drivers in the device. Per the FCC tag, these modems were supposed to be Sierra Wireless modems, but the firmware analysis said otherwise. 

Undeclared Huawei modem drivers

Exiger technology identified this corporate entity provenance from the firmware alone. In other words, there was no need to crack open the device(Subsequent physical inspection of the device did confirm presence of Huawei technology.)

Impact

Were there any hidden risks in this device? Yes. But the issue was not that the drivers were bad. The problem is that a sanctioned or precluded Huawei modem in the box was not declared 

Huawei is on the U.S. Bureau of Industry and Security Entity List, prohibiting the sale of new communications equipment and its use in U.S. telecommunication networks. In 2022, the FCC stopped authorizing new Huawei telecom gear for import or sale, while running a “rip-and-replace” reimbursement program to remove existing equipment from smaller carriers’ networks. 

This non-destructive hardware analysis via firmware attribution would enable purchasers of this device (and other devices bearing sanctioned or forbidden technology) to detect the problematic components at a distance, quickly and inexpensively. For organizations pursuing rip-and-replace strategies to meet SCRM mandates, the Exiger solution offers a scalable alternative to physically inspecting a large inventory of devices. 

Exiger’s binary analysis enables software supply chain security and cyber supply chain risk management by exposing hidden cyber risks across a wide variety of technology and ensuring regulatory compliance. 

Binary analysis icon
Industrial icons
regulatory checklist icon

Analysis of binaries to find drivers for undeclared and disallowed hardware.

Capability extends beyond modems to other critical OT devices. 

Scalable alternative to rip-and-replace strategies to meet regulatory requirements. 

DEMO THE EXIGER PLATFORM
Perspectives
SEE ALL 
insights

Perspectives

SEE ALL
Bottling line automation
Case Study
Responding to Customer Demands for SBOMs 
Tfest Supply Chain 2025
Event
Meet Exiger at TFEST, Berlin
Contested Logistics webinar
Webinar
Contested Logistics: Hard Lessons from Ukraine’s Frontlines
NPM Client Alert - Perspectives
Client Alert
How a Single Compromise Threatened 34% of npm
Delayed software maintenance in healthcare
White Paper
Let’s Worry About That Later
Stacked shipping containers with one highlighted in red, symbolizing transshipment risks and global supply chain vulnerabilities.
Article
Transshipment Intelligence
Nx Software Supply Chain Attack on popular open-source software tools
Client Alert
Nx Software Supply Chain Compromise
Title slide for Exiger’s white paper ‘Lessons in Logistics from America’s Gray Zones, Part 01: Pre-position, Evacuate, Rebuild, and Sustain,’ set against an image of destroyed buildings and a digital container backdrop symbolizing contested logistics and supply chain risk.
Article
Pre-position, Evacuate, Rebuild, and Sustain: Lessons In Logistics from America’s Gray Zones (Part 1)
DPW Amsterdam
Event
Meet Exiger at DPW Amsterdam 2025
Open-pit mining site representing UFLPA high-priority sectors such as steel, copper, and lithium supply chains under DHS and CBP enforcement.
Client Alert
DHS & CBP Expand Focus of UFLPA: New High-Priority Sectors
Defense Technology
Event
Exiger Executive Forum | War Time Economics
Omdia Report (1)
Article
Exiger Recognized as a Leader in the Omdia Market Radar: Firmware and Software Supply Chain Security, 2025
Industries
Solutions
Products
Company
contact us
join the team
Logo - Exiger AI-powered supply chain risk management
©
2025
Privacy and Legal Center

Demo The
Exiger Platform