Kryptowire introduces mobile phone firmware vulnerability feed

Kryptowire discovered vulnerabilities in mobile device firmware and pre-installed mobile apps that pose a high risk for the mobile phone supply chain because they can expose consumer and enterprise data on purchase, the company said.

This means that the vulnerabilities are present, and the user is exposed to attacks even before she performs any activity such as using wireless communications or installing third-party apps.

To make matters worse, firmware exploits bypass all existing defenses including commercial Mobile Threat Detection (MTD), or mobile anti-virus, technologies because they cannot detect vulnerabilities below the application layer and offer no protection against evolving firmware exploits.

Kryptowire´s technology is capable of automatically discovering vulnerabilities from binary firmware images and applications at scale, allowing it to continuously monitor devices across different manufacturers and firmware versions.

Kryptowire automatically tests and validates the security and privacy of mobile and IoT firmware and applications to the highest government (NIST, NIAP) and industry standards (OWASP, GDPR). Kryptowire was jumpstarted by the Defense Advanced Research Projects Agency (DARPA) and the Department of Homeland Security (DHS) in 2011, is based in Tysons Corner, Virginia, USA and has a customer base ranging from government agencies to national cable TV companies.