Whitepaper – Exploring the Security of KaiOS Mobile Applications

KaiOS is a mobile operating system, forked from the discontinued Firefox OS, in which all the mobile applications running on a KaiOS-based mobile device are built using web technologies, such as HTML, JavaScript, and CSS. In this independent research project, we demonstrate that six of the pre-installed mobile applications are vulnerable to remote, and local, … Continue reading Whitepaper – Exploring the Security of KaiOS Mobile Applications

Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications

Multiple HTML injection vulnerabilities were found in several KaiOS mobile applications that are pre-installed on KaiOS mobile devices. The following vulnerabilities affected multiple KaiOS mobile devices: KaiOS Email Application HTML Injection (CVE-2019-14756)KaiOS Contacts Application HTML Injection (CVE-2019-14757)KaiOS File Manager Application HTML Injection (CVE-2019-14758)KaiOS Recorder Application HTML Injection (CVE-2019-14760)KaiOS Note Application HTML Injection (CVE-2019-14761)KaiOS FM Radio … Continue reading Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications