News

Kryptowire and Qualcomm Awarded $1.8M by DHS to Demonstrate a Hardware-Anchored Security Solution that Validates Third-Party Applications and Services

Fairfax, VA - September 28, 2017

FAIRFAX, VA. Kryptowire, the mobile application security and privacy testing platform of choice for U.S. government agencies, is delighted to announce that the Qualcomm Cyber Security Solutions division of Qualcomm Technologies, Inc., a subsidiary of Qualcomm Incorporated, of San Diego, California, has been awarded $1.8M by the Department of Homeland Security Science and Technology Directorate (DHS S&T) to demonstrate Qualcomm Technologies' hardware-anchored Mission-Critical-Grade Security Layer (MCGSL) that leverages the Snapdragon Mobile Security Platform and extends its foundational commercial capabilities to Kryptowire's military-grade mobile application security testing platform to address zero-day threats on commercial mobile devices.
Read more

Kryptowire Provides Technical Details on Black Hat 2017 Presentation:
Observed ADUPS Data Collection & Data Transmission

Fairfax, VA - August 2, 2017

After our initial findings about mobile device data transmission in November 2016, Kryptowire analyzed different mobile devices for Personally Identifiable Information (PII) collection and transmission to third parties. As part of this effort, we presented our findings in the briefings section of Black Hat 2017. We decided to provide more technical information to clarify press reports and to help others identify additional devices that might be affected. We stand by our findings because we have clear forensic evidence, both in terms of code and in terms of network traces, to support them.
Read more

Kryptowire Joins VMware Mobile Security Alliance to Deliver Military-Grade Mobile and IoT Threat Protection to Enterprises

June 13, 2017

WASHINGTON--(BUSINESS WIRE)--Kryptowire is delighted to announce it has joined the VMware Mobile Security Alliance. The partnership will enable Kryptowire's government-vetted mobile and IoT security risk protection platform to collaborate with VMware Workspace ONE and VMware AirWatch. Discovering mobile/IoT vulnerabilities can be cumbersome, error-prone, and costly when your employees have hundreds of third-party applications and libraries on their devices that are exposed to zero-day threats on a daily basis. A single insecure mobile app may result in irreparable data losses, compromised networks, and millions of dollars in damages to an enterprise. Kryptowire is the turnkey mobile security and privacy platform of choice for Federal agencies to test their mobile and IoT devices against the highest internationally-recognized standards used for classified and national security systems. Now this military-grade technology is available to enterprise users and integrated with VMware Workspace ONE and VMware AirWatch.
Read more


Kryptowire Discovers Mobile Phone Firmware That Transmitted Personally Identifiable Information (PII) Without User Consent or Disclosure

Fairfax, VA - November 15, 2016

Kryptowire has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users' consent. These devices were available through major US-based online retailers (Amazon, BestBuy, for example) and included popular smartphones such as the BLU R1 HD. These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.
Read more


Accountability Program Announces Work with Kryptowire

Arlington, VA - May 4, 2016

The Online Interest-Based Advertising Accountability Program announced that Kryptowire, LLC, a Fairfax-based security firm, is providing technical services and staff support to assist the Accountability Program in monitoring mobile applications' compliance with the Digital Advertising Alliance's Self-Regulatory Principles in the challenging world of mobile. The Accountability Program protects consumer privacy in the digital advertising marketplace by ensuring all companies engaged in interest-based advertising provide transparency and control to consumers about the collection and use of their data for use in tailored advertising. As consumers increasingly rely on mobile devices to access the Internet and the advertising industry directs more and more of its revenue to reaching them on their smartphones, it is critical to ensure that consumers have the same protections on their mobile devices as they do on their desktops. Kryptowire's technical expertise is helping the Accountability Program to monitor compliance in the mobile marketplace.
Read more


Kryptowire to Demo New Mobile Security Enterprise solution at RSA 2016

Arlington, VA - February 29, 2016

Meet us at RSA 2016 at Booth #2633 on Tuesday March 1 from 10:15 - 10:30am and on Wednesday March 2 from 1:30 - 1:45pm at the Moscone Center in San Fransisco to get a sneak peak at our new Enterprise Mobile Security solution.

Kryptowire Enterprise integrates our cross-platform software assurance technologies with existing Enterprise Mobility Management (EMM) products, Android for Work, and Apple's iOS Device Enrollment Program (DEP) and Mobile Device Management (MDM) solutions to continuously validate the compliance and assesses the risk of all applications and devices against NIST and NIAP security standards, and enterprise-wide privacy and security policies.

Kryptowire Enterprise enables a turnkey solution for enforcing risk-based policy decisions and monitoring all mobile assets within an organization using the latest mobile threat intelligence. Unlike application security, device security, and privacy analysis reports that are reactive, Kryptowire Enterprise's dashboard, security analytics, and timely threat feeds enable swift corrective actions including whitelisting or blacklisting applications, notifying the end user, or even removing non-compliant assets to protect enterprise resources and data.

Contact us today at [email protected] to schedule an online demo.


DHS S&T awards Kryptowire Mobile Security Research Contract

Arlington, VA - August 19, 2015

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) today announced a $1.7 million cybersecurity Mobile Technology Security (MTS) research and development (R&D) award that will help secure mobile devices for the federal government. The Broad Agency Announcement HSHQDC-14-R-B0015 by the Cyber Security Division awarded the contract to Kryptowire, LLC from Fairfax, Virginia to work on mobile security research in device instrumentation.
Read more