Kryptowire Provides Technical Details on Black Hat 2017 Presentation:
Observed ADUPS Data Collection & Data Transmission
Fairfax, VA - August 2, 2017
After our initial findings about mobile device data transmission in November 2016, Kryptowire analyzed
different mobile devices for Personally Identifiable Information (PII) collection and transmission to third parties.
As part of this effort, we presented our findings in the briefings section of
Black Hat 2017.
We decided to provide more technical information to clarify press reports and to help others
identify additional devices that might be affected. We stand by our findings because we have
clear forensic evidence, both in terms of code and in terms of network traces, to support them.
Kryptowire Joins VMware Mobile Security Alliance to Deliver Military-Grade Mobile and IoT Threat Protection to Enterprises
June 13, 2017
WASHINGTON--(BUSINESS WIRE)--Kryptowire is delighted to announce it has
joined the VMware Mobile Security Alliance. The partnership will enable Kryptowire's government-vetted mobile and
IoT security risk protection platform to collaborate with VMware Workspace ONE and VMware AirWatch. Discovering
mobile/IoT vulnerabilities can be cumbersome, error-prone, and costly when your employees have hundreds of
third-party applications and libraries on their devices that are exposed to zero-day threats on a daily basis.
A single insecure mobile app may result in irreparable data losses, compromised networks, and millions of dollars
in damages to an enterprise. Kryptowire is the turnkey mobile security and privacy platform of choice for Federal
agencies to test their mobile and IoT devices against the highest internationally-recognized standards used for
classified and national security systems. Now this military-grade technology is available to enterprise users and
integrated with VMware Workspace ONE and VMware AirWatch.
Kryptowire Discovers Mobile Phone Firmware That Transmitted Personally Identifiable Information (PII) Without User Consent or Disclosure
Fairfax, VA - November 15, 2016
Kryptowire has identified several models of Android mobile devices that contained firmware that collected sensitive
personal data about their users and transmitted this sensitive data to third-party servers without disclosure or
the users' consent. These devices were available through major US-based online retailers (Amazon, BestBuy, for example)
and included popular smartphones such as the BLU R1 HD. These devices actively transmitted user and device information
including the full-body of text messages, contact lists, call history with full telephone numbers, unique device
identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment
Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords.
The firmware also collected and transmitted information about the use of applications installed on the monitored
device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was
able to remotely reprogram the devices.
Arlington, VA - May 4, 2016
The Online Interest-Based Advertising Accountability Program announced that Kryptowire, LLC, a Fairfax-based security
firm, is providing technical services and staff support to assist the Accountability Program in monitoring mobile
applications' compliance with the Digital Advertising Alliance's Self-Regulatory Principles in the challenging world
of mobile. The Accountability Program protects consumer privacy in the digital advertising marketplace by ensuring
all companies engaged in interest-based advertising provide transparency and control to consumers about the collection
and use of their data for use in tailored advertising. As consumers increasingly rely on mobile devices to access the
Internet and the advertising industry directs more and more of its revenue to reaching them on their smartphones, it
is critical to ensure that consumers have the same protections on their mobile devices as they do on their desktops.
Kryptowire's technical expertise is helping the Accountability Program to monitor compliance in the mobile marketplace.
Kryptowire to Demo New Mobile Security Enterprise solution at RSA 2016
Arlington, VA - February 29, 2016
Meet us at RSA 2016 at Booth #2633 on Tuesday March 1 from 10:15 - 10:30am and on Wednesday March 2 from 1:30 - 1:45pm at the Moscone Center in San Fransisco to get a sneak peak at our new Enterprise Mobile Security solution.
Kryptowire Enterprise integrates our cross-platform software assurance technologies with existing Enterprise Mobility Management (EMM) products, Android for Work, and Apple's iOS Device Enrollment Program (DEP) and Mobile Device Management (MDM) solutions to continuously validate the compliance and assesses the risk of all applications and devices against NIST and NIAP security standards, and enterprise-wide privacy and security policies.
Kryptowire Enterprise enables a turnkey solution for enforcing risk-based policy decisions and monitoring all mobile assets within an organization using the latest mobile threat intelligence. Unlike application security, device security, and privacy analysis reports that are reactive, Kryptowire Enterprise's dashboard, security analytics, and timely threat feeds enable swift corrective actions including whitelisting or blacklisting applications, notifying the end user, or even removing non-compliant assets to protect enterprise resources and data.
Contact us today at [email protected] to schedule an online demo.
Arlington, VA - August 19, 2015
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) today announced a $1.7 million
cybersecurity Mobile Technology Security (MTS) research and development (R&D) award that will help secure mobile
devices for the federal government. The Broad Agency Announcement HSHQDC-14-R-B0015 by the Cyber Security Division
awarded the contract to Kryptowire, LLC from Fairfax, Virginia to work on mobile security research in device