Kryptowire Discovers Mobile Phone Firmware That Transmitted Personally Identifiable Information (PII) Without User Consent or Disclosure

Fairfax, VA - November 15, 2016

Kryptowire has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users' consent. These devices were available through major US-based online retailers (Amazon, BestBuy, for example) and included popular smartphones such as the BLU R1 HD. These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.
Read more

Accountability Program Announces Work with Kryptowire

Arlington, VA - May 4, 2016

The Online Interest-Based Advertising Accountability Program announced that Kryptowire, LLC, a Fairfax-based security firm, is providing technical services and staff support to assist the Accountability Program in monitoring mobile applications' compliance with the Digital Advertising Alliance's Self-Regulatory Principles in the challenging world of mobile. The Accountability Program protects consumer privacy in the digital advertising marketplace by ensuring all companies engaged in interest-based advertising provide transparency and control to consumers about the collection and use of their data for use in tailored advertising. As consumers increasingly rely on mobile devices to access the Internet and the advertising industry directs more and more of its revenue to reaching them on their smartphones, it is critical to ensure that consumers have the same protections on their mobile devices as they do on their desktops. Kryptowire's technical expertise is helping the Accountability Program to monitor compliance in the mobile marketplace.
Read more

Kryptowire to Demo New Mobile Security Enterprise solution at RSA 2016

Arlington, VA - February 29, 2016

Meet us at RSA 2016 at Booth #2633 on Tuesday March 1 from 10:15 - 10:30am and on Wednesday March 2 from 1:30 - 1:45pm at the Moscone Center in San Fransisco to get a sneak peak at our new Enterprise Mobile Security solution.

Kryptowire Enterprise integrates our cross-platform software assurance technologies with existing Enterprise Mobility Management (EMM) products, Android for Work, and Apple's iOS Device Enrollment Program (DEP) and Mobile Device Management (MDM) solutions to continuously validate the compliance and assesses the risk of all applications and devices against NIST and NIAP security standards, and enterprise-wide privacy and security policies.

Kryptowire Enterprise enables a turnkey solution for enforcing risk-based policy decisions and monitoring all mobile assets within an organization using the latest mobile threat intelligence. Unlike application security, device security, and privacy analysis reports that are reactive, Kryptowire Enterprise's dashboard, security analytics, and timely threat feeds enable swift corrective actions including whitelisting or blacklisting applications, notifying the end user, or even removing non-compliant assets to protect enterprise resources and data.

Contact us today at [email protected] to schedule an online demo.

DHS S&T awards Kryptowire Mobile Security Research Contract

Arlington, VA - August 19, 2015

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) today announced a $1.7 million cybersecurity Mobile Technology Security (MTS) research and development (R&D) award that will help secure mobile devices for the federal government. The Broad Agency Announcement HSHQDC-14-R-B0015 by the Cyber Security Division awarded the contract to Kryptowire, LLC from Fairfax, Virginia to work on mobile security research in device instrumentation.
Read more