While developing our solutions we follow the best practices and put a lot of focus on how we can improve our customers’ security and how we keep our own platform secure. Cybersecurity is a very complex topic as there are so many parts where the systems could be attacked or manipulated. We have great specialists in our development team and we truly believe that everything we introduce to the public is done as well as we can.
A chain is only as strong as its weakest link
To check the state of cybersecurity at BLE Locking and validity of our skills we reached out to Nixu – one of the leading cybersecurity companies in Northern Europe. It’s not enough to believe we’re doing a good job, we also need to prove it to find out if there are any weak links in our product or not, and if so, what are the weakest links. Together with Nixu’s specialists we put together a reasonable testing scope to cover the majority of our solution and focus on the most risky parts. At the core of our products is our access management platform, digital keys and module/lock communication.
The best way to wrap up a year
In the very last days of last year, we received the final security audit results that covered the agreed scope. When it comes to cybersecurity, modesty is always better than bragging about it, but it’s safe to say that the BLE Locking team has done a great job. Security audit showed that no critical, high or medium level vulnerabilities were found this time. The audit identified 2 low-level hypothetical issues, which have also been fixed to date.
What happens next?
As the BLE Locking product develops daily and we add many new functionalities, it’s MANDATORY to continue validating what we do and prove with tests that we are on the right track and offer secure solutions for our customers. Along with the 2023 roadmap we are also planning new security tests and continuing discussions with experts in the field. It is also our responsibility to inform our customers and followers of progress and be as transparent as possible about the topic.