Request a demo

Detecting Undeclared Sanctioned Hardware via Firmware Analysis

Case Study

Challenge

While investigating potential risks involved in introducing a popular industrial communications device into a high-assurance environment, a security researcher was seeking attribution and provenance of the embedded software on the device. Product histories can be complex, especially in operational technology (OT) products where firmware contains a tremendous amount of proprietary software and legacy devices abound. Although the device was available on the U.S. GSA schedule, the companies behind the product had undergone multiple M&As, so the question arose – were there any hidden risks in this device? 

No source code was available. Binary analysis of firmware is reliable but difficult without the right technology and security analysis: 

  • Requires a massive corpus of proprietary data for legacy devices. 
  • The data is not obtainable in open source. 
  • Much of the data is proprietary and can’t be jobbed out to a contractor 

Solution

The Exiger cyber solution, using binary analysis on the device’s firmware, uncovered embedded Huawei modem drivers in the device. Per the FCC tag, these modems were supposed to be Sierra Wireless modems, but the firmware analysis said otherwise. 

Undeclared Huawei modem drivers

Exiger technology identified this corporate entity provenance from the firmware alone. In other words, there was no need to crack open the device(Subsequent physical inspection of the device did confirm presence of Huawei technology.)

Impact

Were there any hidden risks in this device? Yes. But the issue was not that the drivers were bad. The problem is that a sanctioned or precluded Huawei modem in the box was not declared 

Huawei is on the U.S. Bureau of Industry and Security Entity List, prohibiting the sale of new communications equipment and its use in U.S. telecommunication networks. In 2022, the FCC stopped authorizing new Huawei telecom gear for import or sale, while running a “rip-and-replace” reimbursement program to remove existing equipment from smaller carriers’ networks. 

This non-destructive hardware analysis via firmware attribution would enable purchasers of this device (and other devices bearing sanctioned or forbidden technology) to detect the problematic components at a distance, quickly and inexpensively. For organizations pursuing rip-and-replace strategies to meet SCRM mandates, the Exiger solution offers a scalable alternative to physically inspecting a large inventory of devices. 

Exiger’s binary analysis enables software supply chain security and cyber supply chain risk management by exposing hidden cyber risks across a wide variety of technology and ensuring regulatory compliance. 

Binary analysis icon
Industrial icons
regulatory checklist icon

Analysis of binaries to find drivers for undeclared and disallowed hardware.

Capability extends beyond modems to other critical OT devices. 

Scalable alternative to rip-and-replace strategies to meet regulatory requirements. 

DEMO THE EXIGER PLATFORM
Perspectives
SEE ALL 
insights

Perspectives

SEE ALL
Reps and Certs - Perspectives
Article
Reps and Certs: The Hidden Risks in Federal Contracting Compliance
Laptop screen displaying the 1Exiger platform Open Source Software and SBOM (Software Bill of Materials) Analysis capability, showing a searchable inventory of software components. The interface lists component names, versions, risks, vulnerabilities, quality indicators, and resolution percentages.
Product Tour
Tour the Exiger Software Supply Chain Security Solution
Cargo Container
Article
From Sanctions to Export Controls: The OFAC 50% Rule vs. BIS 50% Rule
BIS Weighs the 50% Rule: Implications for Supply Chains & Third-Party Risk
Client Alert
U.S. Government Adopts New 50% Ownership Rule for Export Controls
Broader Reach, Heightened Risk for Trade Compliance and Supply Chains
Bottling line automation
Case Study
Responding to Customer Demands for SBOMs 
Contested Logistics webinar
Webinar
Contested Logistics: Hard Lessons from Ukraine’s Frontlines
Pharma Supply Chain Risks - Exiger CEO Testifies Before Congress
Article
Exiger CEO Testifies Before Congress on Pharmaceutical Supply Chain Risks
NPM Client Alert - Perspectives
Client Alert
How a Single Compromise Threatened 34% of npm
Unlocking Resilience - Cybersecurity Preparations
Podcast
Cybersecurity Resilience in Healthcare
Episode 3
Delayed software maintenance in healthcare
White Paper
Let’s Worry About That Later
The Failed Economics of Software Maintenance in Healthcare
Stacked shipping containers with one highlighted in red, symbolizing transshipment risks and global supply chain vulnerabilities.
Article
Transshipment Intelligence
Detecting and Preventing Illicit Transshipment Across Global Supply Chains
Nx Software Supply Chain Attack on popular open-source software tools
Client Alert
Nx Software Supply Chain Compromise
Industries
Solutions
Products
Company
contact us
join the team
Logo - Exiger AI-powered supply chain risk management
©
2025
Privacy and Legal Center

Demo The
Exiger Platform