Security Assessment of a Fire Safety System by LTTS Leads to over $4 Million Annual Cost Savings for Client

Background and Client Profile: A fire safety system refers to multiple devices working in sync to provide immediate alerts and warn people in case there are incidents of smoke or fire or other related emergencies inside a facility. This alarm can be activated through manual devices, such as pull stations, or automatic ones like smoke or heat detectors depending upon the facility’s requirement.

The client is a multinational Fortune 100 company that faced issues arising from the lack of proper design and updates in its 20-year-old legacy code, coupled with high-cost material for production. These factors resulted in substantial revenue loss and a complex debug solution. The client was seeking a solution to replace the existing fire alarm system with an effective and contemporary variant.

L&T Technology Services (LTTS) draws on over 40 years of fire safety solutions of its parent company, Larsen & Toubro. Safety is the company’s core value, and it is committed to maintaining high standards of safety and quality. LTTS has led engineering projects in 200+ sites worldwide. After evaluating the available market options, the client chose LTTS to execute this project.

What was Required:

• Debugging of 20-year-old legacy code with approximately 1 million lines of code.
• Alternate low-cost material that can replace the legacy component and improve quality.
• Design and development of new features to fix the issues reported during testing and those from customers on legacy products.
• Creating a single documentation platform to track the progress from sourcing to sales.

LTTS’ Approach:

• Alternate Suppliers – With unique capability and understanding of market suppliers, the LTTS team identified the new suppliers, which helped in saving $125K on production.
• Modules – Design and testing new features on the existing legacy product. Conducted security assessment of the thick client application, which included reverse engineering and dynamic assessment.
• Debugging – Analyzed ethernet interface through simulation attacks like Man in the Middle (MitM), spoofing and tampering with tools - Ettercap, Wireshark, and Nmap.
• Maintenance – I2C client driver for SFP BR modules on QNX with application support for SFP BR and HASP key dongle assessment through dumping, reverse engineering, and bypass attacks.
• Documentation – Reviewing the latest product specifications, drawings, BOMs, material information, and creating a central platform to review all the documentation by working with the cross-functional teams and providing training on PPAP and Audit requirements.

Tangible Results: LTTS’ efforts led to over $4 million annual cost savings for the customer and helped the client to track the status progress through a single documentation platform. Other benefits include:

• Identification of alternate suppliers.
• Configuration feature lock bypass.
• Cross-site scripting.
• Designing, developing, and integrating new features.
• Identifying critical vulnerabilities (buffer overflows, insecure applications).