ANN ARBOR — Duo Security, the Ann Arbor-based multi-factor access protection provider, announced troubling results of the security of Android and Microsoft mobile devices.
The new findings were released in conjunction with the announcement of a new version of Duo Security’s Trusted Access Platform. The new platform introduces features to help protect against these vulnerabilities, blocking access to devices with out-of-date browsers and operating systems.
The findings highlight that a significant proportion of devices are running out-of-date browsers, leaving enterprises susceptible to security vulnerabilities.
* Across one million Android devices analyzed, 59 percent are running out-of-date Chrome browsers, 30 percent are not passcode protected, and more than 20,000 had been tampered with.
* Across three million devices analyzed, the dominant browser platform is Chrome (36 percent) followed by Internet Explorer (29 percent), Firefox (12 percent), Safari Mobile (8 percent), Safari (7 percent), Chrome Mobile (3 percent), Microsoft Edge (3 percent), AppleMail (1 percent), and Chrome Mobile iOS (1 percent).
* Browsers running old and vulnerable versions of Flash are Internet Explorer (62 percent), Safari (32 percent), Firefox (32 percent), and Chrome (11 percent). Security flaws in old versions of Flash can result in data leaks and remote code execution, allowing an attacker to take control of an affected system.
On the heels of the introduction Duo’s Single Sign-On, the company announced a new version of its Trusted Access platform. For this new version, Duo:
* Introduced new access control features that allow administrators to limit application access to specific platforms and requires that users have the latest versions of software to access critical applications. For example, administrators can set a policy that requires users that access corporate financial applications to be on the most up-to-date operating systems and browsers.
* Added integrations with Oracle Access Manager, CA Siteminder, and Workday to its more than 200 out-of-box integrations with cloud and web applications as well as VPNs.
* Became the very first vendor ever to integrate with the Google’s SafetyNet APIs. The partnership between Duo and Google makes Bring Your Own Device (BYOD) practices significantly safer in corporate environments.
According to Michael Hanley, Duo’s director of security, “Using the SafetyNet API, we are able to deliver a leap-ahead advancement in assessing the trustworthiness of an Android device in an easy way.”
Through its integration with the Google’s SafetyNet APIs, Duo’s tamper detection can now identify tampered Android devices, in addition to rooted or jailbroken status. With the inclusion of SafetyNet attestation in Duo’s Trusted Access platform, administrators can now set policies to allow only trusted devices to access their company’s sensitive data, blocking any tampered Android devices.
Duo Security customers include Dresser-Rand Group, Etsy, NASA, Facebook, K-Swiss, Paramount Pictures, Random House, SuddenLink, Toyota, Twitter, Yelp, Zillow, and more. Duo Security is backed by Benchmark, Google Ventures, Radar Partners, Redpoint Ventures and True Ventures. Try it for free at www.duo.com.