Vulnerability allows outside access to user data, camera function, system logs and device management
MCLEAN, Va., March 15, 2022 /PRNewswire/ — Kryptofil Inc., a mobile security and privacy solutions company, today announced that it has identified a critical security and privacy vulnerability affecting mobile devices with UNISOC, China leading designer of mobile phone chips. The chipset vulnerability, if exploited, allows malicious actors to take control of user data and device functionality.
Specifically, the vulnerability allows intruders to access call and system logs, text messages, contacts, and other private data, record video on the device screen, or use the external camera to record a video, or even to take control of the device remotely, by modifying or erasing data. In accordance with its disclosure policy, Kryptowire has notified manufacturers and carriers of affected devices, as well as UNISOC, of the vulnerability in December 2021.
“In an increasingly competitive mobile device market, it is imperative that device manufacturers build and maintain trust between operators and end users,” Alex LisleCTO, Kryptowire. “Kryptowire’s core technology, which provides rapid and automatic vulnerability scanning without intrusion into end-user data, helps stakeholders find and fix critical security and privacy gaps faster and faster. more effectively, increasing confidence in the face of complex security challenges.”
The use of mobile devices and operating systems (iOS and Android) has increased rapidly in the era of the pandemic, especially as more and more exchanges, transactions and communications go “mobile”. first of all “. This, combined with new risks discovered in the supply chain, has led to oversights and security breaches. As a result, enterprises need AI-powered, cloud-based mobile security solutions that not only protect mobile devices from bad actors, but also provide non-intrusive protection to their end users. In 2021 alone, Kryptowire analyzed over 3 billion lines of code in 70,000 applications, uncovering over 500 vulnerabilities affecting approximately 2 billion devices.
Founded in 2011, Kryptowire developed and launched its Mobile Application Security Testing (MAST), leveraging its proprietary military-grade scanning engine. This AI-enabled, cloud-based service gives organizations the ability to automatically scan mobile content for security, privacy, and compliance issues without accessing source code. This saves time, reduces the burden on human resources and maintains end-user privacy.
Kryptowire is a leader in cloud-based mobile security and privacy solutions, providing organizations and end users with the peace of mind that comes with intrusion-free mobile security. We enable organizations to scan mobile devices and applications for security, compliance, and other vulnerabilities without accessing source code, saving time and maintaining privacy. Our mission is to bring world-class mobile security to more businesses and communities around the world.
Please visit www.kryptowire.com or join us on LinkedIn and Twitter (@kryptowire) for more information.