Kryptowire Collaborates with Orange and Uncovers
Major Vulnerabilities in Mobile Devices at Scale
Kryptowire Collaborates with Orange and Uncovers Major Vulnerabilities in Mobile Devices at Scale
December 13, 2021 – McLean, VA, United States – Kryptowire Inc., an enterprise mobile security and DevSecOps leader offering innovative, end-to-end cybersecurity solutions, today announced a successful collaboration with global telecommunications operator Orange wherein Kryptowire proactively identified a major security vulnerability present in several mobile devices in the market. As an industry leader committed to raising global standards for customer security and privacy, Orange is working with Kryptowire to audit the security of devices sold in their retail stores.
Kryptowire recently discovered a vulnerability affiliated with the AutoSLT application which is a system application used by several device manufacturers. This vulnerability allowed execution of arbitrary shell scripts as the system user, subsequently creating several exploitable liabilities, including command execution privileges that could compromise text messages, call logs, and contacts; audio and video recording, camera and screenshot use; initiating a remote device wipe, and more.
“As we enter a digital future increasingly defined by convergent, complex application and device networks, it is imperative that mobile leaders adopt a proactive, strategic, and rigorous cybersecurity posture that leaves no proverbial stone unturned,” says Dana Waldman, Chief Executive Officer, Kryptowire. “Our partnership with Orange offers an important reminder that to protect mobile end-users and customers, we must effectively implement robust, end-to-end threat detection solutions that identify key vulnerabilities while respecting end-user privacy.”
Upon discovering the vulnerability, involved actors in the smartphone industry fixed the vulnerability according to the best release schedule, either before release or through software updates of products already in the field. As part of the chain, Orange took immediate action with the involved parties to obtain security fixes. The developers affiliated with the third-party application in question have been made aware in accordance with responsible disclosure practices.
“Security is the foundation of trust in our digital society, and protecting our customers from cybersecurity threats is critical in order to allow them to use their devices on our networks with confidence,” said Stéphane Raulin, Vice President Device Technology and Anticipation, Orange Innovation Devices and Partnerships. “Orange is committed to strengthening the security of the mobile ecosystem with the help of Orange Cyberdefense, the Group’s expert cyber security business unit, as well as industry actors including OEM, OS and chipset providers. Our collaboration with Kryptowire has been exceptionally positive, and we look forward to building on the cybersecurity protocols we’ve established as part of our thorough testing process of devices.”
About Quokka, Inc.
The world of digital security is ready to evolve beyond distrust. We want less fear, and more peace of mind: less worry, and more confidence. Meet Quokka (formerly Kryptowire), a different kind of digital security and privacy company. Our proactive, light-touch solutions put users and their privacy first, helping people, teams, and enterprises around the world take back control of their digital security privacy in the new work and live anywhere world. Join us in being Quokka Secure.
Please visit www.quokka.io or connect with us on LinkedIn and Twitter (@Quokka_io) for more information.