Kryptowire Discovers Mobile Phone Firmware That Transmitted Personally Identifiable Information (PII) Without User Consent or Disclosure
Fairfax, VA - November 15, 2016
Kryptowire has identified several models of Android mobile devices that contained firmware that collected sensitive
personal data about their users and transmitted this sensitive data to third-party servers without disclosure or
the users' consent. These devices were available through major US-based online retailers (Amazon, BestBuy, for example)
and included popular smartphones such as the BLU R1 HD. These devices actively transmitted user and device information
including the full-body of text messages, contact lists, call history with full telephone numbers, unique device
identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment
Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords.
The firmware also collected and transmitted information about the use of applications installed on the monitored
device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was
able to remotely reprogram the devices.
Arlington, VA - May 4, 2016
The Online Interest-Based Advertising Accountability Program announced that Kryptowire, LLC, a Fairfax-based security
firm, is providing technical services and staff support to assist the Accountability Program in monitoring mobile
applications' compliance with the Digital Advertising Alliance's Self-Regulatory Principles in the challenging world
of mobile. The Accountability Program protects consumer privacy in the digital advertising marketplace by ensuring
all companies engaged in interest-based advertising provide transparency and control to consumers about the collection
and use of their data for use in tailored advertising. As consumers increasingly rely on mobile devices to access the
Internet and the advertising industry directs more and more of its revenue to reaching them on their smartphones, it
is critical to ensure that consumers have the same protections on their mobile devices as they do on their desktops.
Kryptowire's technical expertise is helping the Accountability Program to monitor compliance in the mobile marketplace.
Kryptowire to Demo New Mobile Security Enterprise solution at RSA 2016
Arlington, VA - February 29, 2016
Meet us at RSA 2016 at Booth #2633 on Tuesday March 1 from 10:15 - 10:30am and on Wednesday March 2 from 1:30 - 1:45pm at the Moscone Center in San Fransisco to get a sneak peak at our new Enterprise Mobile Security solution.
Kryptowire Enterprise integrates our cross-platform software assurance technologies with existing Enterprise Mobility Management (EMM) products, Android for Work, and Apple's iOS Device Enrollment Program (DEP) and Mobile Device Management (MDM) solutions to continuously validate the compliance and assesses the risk of all applications and devices against NIST and NIAP security standards, and enterprise-wide privacy and security policies.
Kryptowire Enterprise enables a turnkey solution for enforcing risk-based policy decisions and monitoring all mobile assets within an organization using the latest mobile threat intelligence. Unlike application security, device security, and privacy analysis reports that are reactive, Kryptowire Enterprise's dashboard, security analytics, and timely threat feeds enable swift corrective actions including whitelisting or blacklisting applications, notifying the end user, or even removing non-compliant assets to protect enterprise resources and data.
Contact us today at [email protected] to schedule an online demo.
Arlington, VA - August 19, 2015
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) today announced a $1.7 million
cybersecurity Mobile Technology Security (MTS) research and development (R&D) award that will help secure mobile
devices for the federal government. The Broad Agency Announcement HSHQDC-14-R-B0015 by the Cyber Security Division
awarded the contract to Kryptowire, LLC from Fairfax, Virginia to work on mobile security research in device