Mobile Vulnerability Analysis

Discovering vulnerabilities can be cumbersome, error-prone, and costly when your employees’ devices have hundreds of third-party applications, updates, and libraries that are exposed to software vulnerabilities and zero-day threats on a daily basis. A single insecure device may result in irreparable data losses, compromised networks, and millions of dollars in damages to your enterprise.

The traditional approach of manual penetration testing is too costly and time-consuming to keep up with the large number of devices and updates deployed in modern organizations. To solve this problem, Kryptowire has developed an automated vulnerability discovery and exploit generation engine that scales easily to cover every device, application, and update in your enterprise inventory. Our tool has been used to discover and document over 145 CVEs in the last year alone and is now available for commercial use.

How it Works

1. Mobile Apps & Firmware Collection

Mobile apps and firmware images are collected and processed by the app analysis system using a cloud or on-premises appliance.


2. Vulnerabilities Discovered

The automated system reports each vulnerability with its type (e.g., command execution) and all the data necessary to generate a proof of concept.

  • Command Execution
  • Log Leakage
  • Network Settings Modification
  • SMS Sending/Spoofing
  • Screenshot Capturing
  • System Properties Modifications
  • Factory Reset
  • App Installation
  • App Uninstallation
  • AT-Command Execution
  • Audio Recording
  • Video Recording
  • Dynamic Code Loading
  • And More...

3. Exploits Generated

An analyst uses the output of the automated system to validate the findings and generate proof-of-concept (PoC) exploits. The PoCs can be tested and validated in live environments.

Sample Results – November 2019 CVEs


The Department of Homeland Security (DHS) workforce has become increasingly mobile, driving the need for secure mobility solutions and a coordinated approach and framework to guide the selection and implementation of common enterprise mobility solutions. To accelerate the safe and secure adoption of mobile technology within DHS and the federal government, the DHS Science and Technology Directorate (S&T) created the Mobile Security research and development (R&D) Program. Kryptowire is proud to participate in the DHS S&T Mobile Security R&D program.