Attacks/Breaches

7/3/2018
08:40 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Trustonic Awarded Cybersecurity Certification By French Government

Mobile, IoT and application security specialist accredited federally and internationally

03 July 2018, Cambridge, UK – Trustonic has been awarded the new Security Visa by the French National Cybersecurity Agency. This prestigious stamp of approval is used by the Agence nationale de la sécurité des systèmes d’information (ANSSI) to help commercial businesses and government organizations make informed decisions about cybersecurity solutions.

The ANSSI Security Visa recognizes the most secure, reliable and robust solutions. This certification is based on extensive penetration testing and in-depth analysis which ensures compliance with stringent international standards.

“Security is a top priority for business and government and both recognize that app protection is central in the battle against malware, hacking and fraud,” says Christophe Colas, SVP Products & Licensing, Trustonic. “Together with the other international accreditations we already have, including FIPS and GlobalPlatform, this latest award based on the Common Criteria certification of our product, demonstrates the robustness and reliability of our platform against the very highest standards. It gives our customers the confidence that they are choosing a solution that has been evaluated and approved by the most rigorous bodies, a critical consideration for banking, payments, IoT, government and enterprise mobile app developers who want to protect sensitive data, IP, customer information and, ultimately, their reputation.”

The Trustonic platform is already embedded into more than 1.5 billion devices and combines hardware and software security with development tools that make building the most secure mobile apps easy for developers. Trustonic provides a Trusted Execution Environment (TEE), a hardware-based security technology that offers a secure operating system (OS) isolated from the normal device OS, utilizing a unique and distinct trusted identity embedded into devices during manufacture. This makes the device, and trusted applications running on it that have been developed using Trustonic’s SDK, highly protected against threats and enables enhanced security such as biometric authentication and secure PIN entry.

“Many app developers use software protection alone or OS-based security functions, but it is rarely robust or effective enough to protect sensitive apps,” adds Colas. “By using Trustonic Application Protection, they can easily build enhanced hardware-backed protected applications to deliver faster, richer and safer services to any device.”

Learn more about how Trustonic Application Protection can protect your mobile app.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He just showed up at my doorstep one day without a geotag."
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.