Vulnerability enables outside access to user data, camera function, system logs, and device management
MCLEAN, Va., March 15, 2022 /PRNewswire/ -- Kryptowire Inc., a mobile security and privacy solutions company, today announced that they have identified a critical security and privacy vulnerability affecting mobile devices with UNISOC, China's largest designer of chips for mobile phones. The vulnerability within the chipset, if exploited, allows malicious actors to take control over user data and device functionality.
Specifically, the vulnerability allows intruders to access call and system logs, text messages, contacts, and other private data, video record the device's screen or use the external-facing camera to record video, or even take control of the device remotely, altering or wiping data. Adhering to its disclosure policy, Kryptowire notified affected device manufacturers and carriers, as well as UNISOC, of the vulnerability in December 2021.
"In an increasingly competitive mobile device market, it's imperative that device manufacturers establish and maintain trust among carriers and end users," Alex Lisle, Chief Technical Officer, Kryptowire. "Kryptowire's core technology, which provides rapid, automatic vulnerability scanning without intrusion into end user data, helps stakeholders find and remediate critical security and privacy gaps faster and more efficiently, increasing confidence in the face of complex security challenges."
Mobile device and operating system (iOS and Android) use has increased rapidly in the pandemic era, especially as more exchanges, transactions, and communications go "mobile-first." This combined with the new found risks in the supply-chain has resulted in oversights and security flaws. Accordingly, businesses need AI enabled cloud-based mobile security solutions that not only safeguard mobile devices from bad actors, but also provide intrusion-free protection to its end users. In 2021 alone, Kryptowire scanned over 3 billion lines of code across 70,000 applications, discovering over 500 vulnerabilities affecting approximately 2 billion devices.
Founded in 2011, Kryptowire developed and launched its Mobile Application Security Testing (MAST) service, leveraging its military-grade proprietary analysis engine. This AI enabled cloud-based service gives organizations the ability to automatically scan mobile content for security, privacy, and compliance issues without accessing source code. This saves time, reduces human resource burdens, and preserves end user privacy.
About Kryptowire
Kryptowire is a leader in cloud-based mobile security and privacy solutions, delivering organizations and end-users the peace of mind that comes with intrusion-free mobile security. We enable organizations to scan mobile devices and applications for security, compliance, and other vulnerabilities without accessing source code, saving time and preserving privacy. Our mission is to make world-class mobile security available to more businesses and communities around the world.
Please visit www.kryptowire.com or connect with us on LinkedIn and Twitter (@kryptowire) for more information.
Media Contact
media@kryptowire.com
Logo - https://mma.prnewswire.com/media/1704980/Kryptowire_Logo.jpg
Share this article