Security & Compliance

We follow strict procedures and international standards to ensure the security, continuity, and integrity of our systems and software. Our processes are aligned with ISO 27001 and the Secure Development Lifecycle (SDLC) model.

SMSEagle is ISO 27001 certified

SMSEagle holds ISO 27001 certification, an internationally recognized standard for information security management systems (ISMS). This certification demonstrates our commitment to systematically managing and protecting the sensitive information involved in the development, operation, and delivery of our hardware SMS gateways and associated software. It assures our customers and partners that we adhere to stringent security controls and best practices, continuously improving our information security posture across both physical and digital aspects of our product.

Secure by design

We build SMSEagle with security in mind from design to deployment. We use secure hardware design, safe coding practices for firmware, and thorough testing of the whole system. By making security measures a part of every step, we keep SMSEagle strong, reliable, and trustworthy.

Security Testing

Static Application Security Testing (SAST)

We regularly scan our code with SAST tools to find security vulnerabilities early, before we release anything.

Software Composition Analysis (SCA)

We analyze third-party and open-source components for known vulnerabilities to ensure our software supply chain remains secure and up to date.

Automated and manual tests

Security testing combines automated tools with expert-driven manual reviews to uncover a broad range of potential threats and weaknesses.

External penetration testing

Independent security professionals conduct regular penetration tests to evaluate the effectiveness of our defenses from an attacker’s perspective.

Threat modeling

To prevent attacks, we analyze potential weaknesses and build our systems with a secure architecture, guided by threat modeling.

Code reviews

Before any code is integrated, peers review it to confirm it follows security best practices and to spot potential vulnerabilities.

Vulnerability Management & Incident Response

Our top priority is safeguarding the security of our customers and the public. Effective communication is vital to our cybersecurity efforts, and we ask research groups and individuals to responsibly disclose to our team any potential security issue in our products. You will receive an acknowledgment of your report within 3 business days. We will provide status updates until the issue is resolved.

SMSEagle Security Advisories

| Date | Title | Level | Affected Devices | CVE-ID(s) |
|---|---|---|---|---|
| 2024-08-21 | Resolved XSS in SMSEagle software (CVE-2024-37392) | High | All | CVE-2024-37392 |
| 2024-06-03 | regreSSHion: RCE in OpenSSH’s server | High | MHD-8100-4G Rev.1.1 | CVE-2024-6387 |
| 2021-12-14 | SMSEagle devices not affected by log4j/log4shell vulnerabilities | Informational | | CVE-2021-44228 |
| 2018-01-10 | Spectre & Meltdown – SMSEagles are not vulnerable | Informational | | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 |

SMSEagle Software updates

We are committed to ensuring the highest level of security for our devices by providing regular software updates. These include software fixes and enhancements that improve the functionality of our products and strengthen their security against emerging threats. By keeping your devices up-to-date with our latest software, you can enjoy a smoother & safer user experience.

Additional security measures