Security software firm Quarri Technologies has extended its hardened Web browser technology to iOS devices to protect against various Web attacks, including session hijacking and data theft. Quarri Protect on Q Mobile for iOS prevents Web browsers from copying and saving data onto iOS devices, Quarri Technologies told SecurityWeek. POQ Mobile for iOS will be part of Quarri’s Protect On Q security suite, which already protects Windows systems and Android devices.
As a general rule, administrators can’t ensure that the devices trying to access their Web applications are secure and safe, Mark Elliott, executive vice-president of product for Quarri Technologies, told SecurityWeek. POQ gives administrators that level of control by pushing a hardened Web browser onto user devices over an encrypted tunnel, Elliott said.
With POQ Mobile for iOS, Web application developers are able to define policies so that when a user on an iOS device comes to the site, the POQ browser is pushed onto the iPhone and iPad, according to Quarri.
“Mobile web applications have become the common interface for accessing information that drives business activity, making them extremely vulnerable to malware threats, as well as careless or malicious end users,” said Bill Morrow, executive chairman and CEO of Quarri Technologies.
When users try to access a protected site or Web application, they are automatically redirected to use the POQ-protected browser, Elliott said. This way, Web administrators can ensure that all data from the Web application are using a secure browser and transmitted to the endpoint over an encrypted connection.
Generally speaking, POQ is sold to Web application owners who configure the sites to deliver the POQ browser when a user lands o the page, Elliott said. Depending on policy controls defined by IT, POQ can prevent the browsers from accessing certain Web applications or Websites, implement SSL certificate rules, and scan for malware.
Confidential data leakage can happen one of two ways, whether it’s the end-user copying the data or the browser caching information, Elliott said. POQ administrators can restrict users from copying, printing, clipboarding, saving, or screen capturing the data displayed over the POQ browser. Since the POQ browser is pushed onto the endpoint when the user lands on the Website over a secure tunnel, there is no way for the data to be intercepted, Elliott said. And when the user finishes the session, the POQ browser is wiped from the endpoint and no data is left behind.
Like the rest of the POQ suite, POQ Mobile for iOS is a hardened browser which establishes a secure session between the Web server and the Web browser on the endpoint, and shields the data from session hijacking, frame grabbers, and other inbound attacks as it moves through the protected tunnel. Since POQ deletes itself from the device after the session finishes, the user is not vulnerable to cache mining and other malware attacks.
Along with POQ Mobile, Quarri enhanced POQ 3.0, its Web browser security product for enterprises. With POQ 3.0, administrators will be able to centrally manage and control browser sessions across iOS and Android smartphones and tablets, as well as Windows desktops and laptops, Quarri said.
The reporting component in POQ Manager provides administrators with key statistics, such as the number of client downloads, session key verifications and launches per policy, along with historical and graph views.
Administrators will also be able to detect and restrict jailbroken or rooted devices from being able to access sensitive data in order to minimize the security risk posed by these devices.
POQ Mobile and POQ 3.0 will be available as of Tuesday and requires iOS 5 or greater.
