Kryptowire Introduces the Market's First Mobile Phone Firmware Vulnerability Feed


Kryptowire automatically analyzes mobile device firmware and
applications against the highest internationally-recognized security
standards. This military-grade technology is now available to enterprise
users of major Unified Endpoint Management (UEM) platforms.

Kryptowire discovered vulnerabilities in mobile device firmware and
pre-installed mobile apps that pose a high risk for the mobile phone
supply chain because they can expose consumer and enterprise data on
purchase. This means that the vulnerabilities are present, and the user
is exposed to attacks even before she performs any activity such as
using wireless communications or installing third-party apps. To make
matters worse, firmware exploits bypass all existing defenses including
commercial Mobile Threat Detection (MTD), or mobile anti-virus,
technologies because they cannot detect vulnerabilities below the
application layer and offer no protection against evolving firmware

Kryptowire - Mobile and IoT Security (Graphic: Business Wire)

Kryptowire will present the details for over thirty-five unique
vulnerabilities affecting twenty-five Android devices, eleven of which
are sold by US carriers, today at Def Con, in Las Vegas.
Kryptowire's technology is capable of
automatically discovering vulnerabilities from binary firmware images
and applications at scale, allowing us to continuously monitor devices
across different manufacturers and firmware versions. More
about these vulnerabilities will be available upon request
after the Def Con presentation.

"Our researchers have extended their work that began in 2011 as a DARPA
effort to automatically test the security of 3rd party mobile
apps without access to source code. We can now do the same with mobile
phone firmware," said Angelos Stavrou, CEO of Kryptowire. "With the
hundreds of mobile phone makes and models on the market and thousands of
versions of firmware, best-effort manual testing and evaluations simply
cannot scale to address the problem of identifying vulnerabilities in
mobile phone pre-installed apps and firmware."

UEM/MDM platform customers can now identify employee devices that
contain firmware vulnerabilities that originate from the software supply
chain and take immediate action to mitigate any risk. For more
information about Kryptowire's mobile and IoT security analysis
technologies and to schedule a demo, visit

This work was supported by the Department of Homeland Security (DHS)
Science and Technology (S&T) via award to the Critical Infrastructure
Resilience Institute (CIRI) Center of Excellence (COE) led by the
University of Illinois at Urbana-Champaign (UIUC).

The views and conclusions contained herein are those of the authors and
should not be interpreted as necessarily representing the official
policies or endorsements, either expressed or implied, of DHS.

About Kryptowire

Kryptowire automatically tests and validates the security and privacy of
mobile and IoT firmware and applications to the highest government
(NIST, NIAP) and industry standards (OWASP, GDPR). Kryptowire was
jumpstarted by the Defense Advanced Research Projects Agency (DARPA) and
the Department of Homeland Security (DHS) in 2011, is based in Tysons
Corner, Virginia, USA and has a customer base ranging from government
agencies to national cable TV companies.
