Kryptowire Advises to Proactively and Regularly Patch Smart Devices

Major Security Vulnerability Affecting All Android Devices Running Android 10 & 11 Discovered;
Users Need to Take Action and Patch

News Highlights

  • Missing permission check in a core pre-installed app results in a vulnerability
  • Arbitrary app components could be disabled, potentially leading to a local Denial of Service (DoS) attack without requiring any additional privileges or user consent
  • Vulnerability has since been patched and all Android users are encouraged to update their device

August 4, 2022 – McLean, VA, United States – Kryptowire Inc., a mobile security and privacy solutions company, today publicly announced the discovery of a major security vulnerability (CVE-2021-0706) affecting all Android devices and vendors running Android versions 10 & 11. First discovered in July 2021, Google considered the vulnerability to be of “high” severity and offered a patch within three months. However, on average, only a minority of users (17%) installed an update on the day of its release and the update rate drops significantly over the period of 102 days, with only 53.2% of users, on average, updating within a week¹. With more than 50% of Android tablet and mobile users currently running Android 10 & 11², Kryptowire encourages Android users to routinely update their devices to prevent exploitation.

This particular vulnerability, discovered by Kryptowire, allowed unauthorized apps to make device-level changes, which could be used to disable apps providing security defenses, hold the device for ransom, cause the device to persistently crash at boot (requiring the user to wipe the device to recover it, resulting in potential data loss), bypass third-party lock-screen apps, and disable competitor apps, among other uses.

The vulnerability was discovered during a routine scan of a pre-production device with Kryptowire’s Mobile Application Security Testing (MAST) solution, which enables companies to proactively detect security weaknesses and vulnerabilities in mobile apps. Kryptowire discovered the vulnerability in a pre-installed app called System UI, where users were exposed to unauthorized privilege escalation and local Denial of Service (DoS) attacks. The System UI application is present in core Android code, which affects all Android vendors. A patch, released in October 2021, remediates this vulnerability. According to StatCounter, more than 50% of Android tablet and mobile users are currently running Android 10 & 11.

For more technical information on the vulnerability visit: https://www.kryptowire.com/blog/Disabling-Arbitrary-App-Components-Vulnerability-in-AOSP

Best Practices to Keep Your Mobile Device Safe

  • Automatic Updates – Turn on automatic updates whenever possible; if a trusted program prompts you to opt into automatic updates, say yes.
  • Backup Data – Have a secure archive of your important information, whether that’s classified documents for your business or treasured photos of your family. Backing up your data allows you to restore your device quickly and seamlessly in the event of data loss.
  • Secure Apps Regularly – Only download apps from the official Google Play Store or Apple App Store, delete apps you no longer need and scan all apps for potential vulnerabilities and privacy issues.
  • Mobile Security Software – Add an extra layer of protection against ransomware, dangerous websites, unsafe Wi-Fi networks, unwanted access to your device, and more.
  • Be in the Know – Stay on top of the latest threats to help protect yourself from known vulnerabilities.

About Kryptowire MAST

Kryptowire Mobile Application Security Testing (MAST) allows organizations and users to scan devices for security and privacy vulnerabilities. As mobile devices become the focal point of users in both their personal and professional lives, the far-reaching impact of potential security and privacy vulnerabilities continues to increase and threat actors are targeting mobile devices with greater prevalence.

“The best way to prevent security disasters is to stay one step ahead of bad actors,” said Alex Lisle, CTO, Kryptowire. “To that end, we often collaborate with industry manufacturers to run a proverbial joint offense. Last year, we were grateful for the opportunity to work with Google and Android to help them neutralize a major vulnerability before it became a threat.”

About Kryptowire

Kryptowire is a leader in cloud-based mobile security and privacy solutions, delivering end users and businesses the peace of mind that comes with privacy-first mobile security. Our mission is to make privacy-first mobile security more efficient, effective, and accessible to people and organizations around the world.

Please visit www.kryptowire.com or connect with us on LinkedIn and Twitter (@kryptowire) for more information.

Media contact:
[email protected]

¹A study publicized by Journal of Cybersecurity
²According to StatCounter
