Kryptowire Collaborates With Orange and Finds Vulnerabilities in Mobile Devices
Kryptowire’s end-to-end cybersecurity engine identified vulnerabilities granting system user-level privileges for arbitrary shell script execution.
December 15, 2021
PRESS RELEASE
December 13, 2021 - McLean, VA, United States - Kryptowire Inc., an enterprise mobile security and DevSecOps leader offering innovative, end-to-end cybersecurity solutions, today announced a successful collaboration with global telecommunications operator Orange wherein Kryptowire proactively identified a major security vulnerability present in several mobile devices in the market. As an industry leader committed to raising global standards for customer security and privacy, Orange is working with Kryptowire to audit the security of devices sold in their retail stores.
Kryptowire recently discovered a vulnerability affiliated with the AutoSLT application which is a system application used by several device manufacturers. This vulnerability allowed execution of arbitrary shell scripts as the system user, subsequently creating several exploitable liabilities, including command execution privileges that could compromise text messages, call logs, and contacts; audio and video recording, camera and screenshot use; initiating a remote device wipe, and more.
“As we enter a digital future increasingly defined by convergent, complex application and device networks, it is imperative that mobile leaders adopt a proactive, strategic, and rigorous cybersecurity posture that leaves no proverbial stone unturned,” says Dana Waldman, Chief Executive Officer, Kryptowire. “Our partnership with Orange offers an important reminder that to protect mobile end-users and customers, we must effectively implement robust, end-to-end threat detection solutions that identify key vulnerabilities while respecting end-user privacy.”
Upon discovering the vulnerability, involved actors in the smartphone industry fixed the vulnerability according to the best release schedule, either before release or through software updates of products already in the field. As part of the chain, Orange took immediate action with the involved parties to obtain security fixes. The developers affiliated with the third-party application in question have been made aware in accordance with responsible disclosure practices.
“Security is the foundation of trust in our digital society, and protecting our customers from cybersecurity threats is critical in order to allow them to use their devices on our networks with confidence,” said Stéphane Raulin, Vice President Device Technology and Anticipation, Orange Innovation Devices and Partnerships. “Orange is committed to strengthening the security of the mobile ecosystem with the help of Orange Cyberdefense, the Group’s expert cyber security business unit, as well as industry actors including OEM, OS and chipset providers. Our collaboration with Kryptowire has been exceptionally positive, and we look forward to building on the cybersecurity protocols we’ve established as part of our thorough testing process of devices.”
About Kryptowire
Kryptowire combines mobile security expertise with an end-to-end, comprehensive security and privacy monitoring platform. Kryptowire builds solutions for developers and enterprises to take full advantage of mobile technologies without putting their businesses and employees’ personal privacy at risk. As a market leader in Mobile Application Security Testing (MAST), Kryptowire’s proactive mobile security solutions ensure a higher-level of security and privacy for mobile apps and mobile devices. Kryptowire’s platform provides automated vulnerability and compliance testing for individuals, enterprises, and nations to ensure security, privacy, and compliance across life stages and end-user networks.
You May Also Like