Kryptowire Collaborates with Orange and Uncovers Major Vulnerabilities in Mobile Devices at Scale

Jessel Thomas, Tech Times 14 December 2021, 01:12 pm

Kryptowire Inc., a mobile enterprise security and DevSecOps leader offering innovative, end-to-end cybersecurity solutions, today announced successful collaboration with global telecommunications operator Orange wherein Kryptowire proactively identified a major security vulnerability present in several mobile devices in the market. As an industry leader committed to raising global standards for customer security and privacy, Orange is working with Kryptowire to audit the security of devices sold in their retail stores.

Kryptowire recently discovered a vulnerability affiliated with the AutoSLT application, a system application used by several device manufacturers. This vulnerability allowed execution of arbitrary shell scripts as the system user, subsequently creating several exploitable liabilities, including command execution privileges that could compromise text messages, call logs, and contacts; audio and video recording, camera and screenshot use; initiating a remote device wipe, and more.

"As we enter a digital future increasingly defined by convergent, complex application and device networks, it is imperative that mobile leaders adopt a proactive, strategic, and rigorous cybersecurity posture that leaves no proverbial stone unturned," says Dana Waldman, Chief Executive Officer, Kryptowire. "Our partnership with Orange offers an important reminder that to protect mobile end-users and customers, we must effectively implement robust, end-to-end threat detection solutions that identify key vulnerabilities while respecting end-user privacy."

Upon discovering the vulnerability, involved actors in the smartphone industry fixed the vulnerability according to the best release schedule, either before release or through software updates of products already in the field. Orange took immediate action with the involved parties to obtain security fixes as part of the chain. The developers affiliated with the third-party application in question have been made aware in accordance with responsible disclosure practices.

"Security is the foundation of trust in our digital society, and protecting our customers from cybersecurity threats is critical in order to allow them to use their devices on our networks with confidence," said Stéphane Raulin, Vice President Device Technology and Anticipation, Orange Innovation Devices and Partnerships. "Orange is committed to strengthening the security of the mobile ecosystem with the help of Orange Cyberdefense, the Group's expert cyber security business unit, as well as industry actors including OEM, OS and chipset providers. Our collaboration with Kryptowire has been exceptionally positive, and we look forward to building on the cybersecurity protocols we've established as part of our thorough testing process of devices."