October 25, 2016

Holistic mobile security means protection from threats, data leakage, and your own applications

Securing mobile devices and the data they access is a huge challenge. This is because of three key technology trends happening today:

1) Mobile apps have become the primary way that data is accessed and stored. Mobile apps account for over half of Internet use, according to a 2016 study from Andreessen Horowitz. Enterprises, however, rarely know what apps are being used on an employee’s mobile device and whether that app is collecting sensitive information.

2) Individual employees have tremendous control over their mobile environment. They have freedom to choose whatever apps they would like to use to get their work done. This isn’t inherently a bad thing — every company wants productive employees — but it can inadvertently put corporate data at risk if an employee chooses the wrong app..

3) Mobile apps creators range from Forbes 500 companies to a few guys in a garage. The problem is, app developers of any size do not know your company’s specific data protection sensitivities, government compliance regulations, industry standards, or data sovereignty laws. The apps are not always built to meet these sensitivities and may leak corporate data despite being otherwise “benign.”

Mobile apps introduce a new layer of complexity to an enterprise’s security strategy as IT now has to protect against everything from malicious apps to risky app behaviors.

Read More

October 10, 2016

Google Android security bulletin October 2016: remote code execution vulns continue

The October Android Security Bulletin contains 78 patches for Android devices — 23 more than last month, yet the third highest since Google started releasing the monthly patches. The release reveals more remote code execution (RCE) vulnerabilities, which could allow an attacker to take over a device requiring very little interaction from the victim.

Given the fragmentation of Android, and the slower patch cycles for these devices, mounting RCE issues could spell trouble for individuals waiting for patches and companies whose employees use Android devices.

This is likely one of the reasons why Google is starting to put more pressure on its partners to update Android devices more frequently.  

Read More

October 4, 2016

Microsoft and Lookout: Securing all your endpoints begins today


Today, we are excited to announce that the Lookout Mobile Endpoint Security integration with Microsoft Enterprise Mobility + Security (EMS) is now generally available.

This means that while enterprise employees more seriously consider mobile devices to be an invaluable tool in their everyday working lives, enterprise IT teams don’t have to struggle to secure the rapidly increasing number of endpoints on their networks.

Read More

September 29, 2016

Here’s what I told the U.S. Chamber of Commerce about mobile security


On Tuesday, I had the great pleasure to speak at the U.S. Chamber of Commerce’s 5th Annual Cybersecurity Summit. This premiere event convenes public and private sector leaders around one of our most pressing national security concerns. My presentation focused on how U.S. Government CIOs and security professionals can secure the next frontier for cyber attacks: the mobile device.

Read More

September 21, 2016

Enterprises: Only paying attention to big-name hacks? You may be missing the point


Security professionals are more likely to pay attention to breaches if the companies being breached already have recognizable names.

Seems like common sense. You see a headline that says, “Target point of sale technology hacked,” you’re much more likely to pay attention than, “Hospital in Kentucky suffers from ransomware attack.” Unless you live in Kentucky.

Security teams that do this, however, might be missing the big picture of how broad security incidents are and how they don’t just impact top names — everyone is at risk.

Read More

September 16, 2016

Four spyware apps removed from Google Play


We identified the Overseer malware in an application that claimed to provide search capabilities for specific embassies in different geographical locations. 

Through close collaboration with an enterprise customer, Lookout identified Overseer, a piece of spyware we found in four apps live on the Google Play store. One of the apps was an Embassy search tool intended to help travelers find embassies abroad. The malware was also injected as a trojan in Russian and European News applications for Android.

Google promptly removed the four affected apps after Lookout notified the company. All Lookout customers are protected from this threat.

Current variants of Overseer are capable of gathering and exfiltrating the following information:

  • A user’s contacts, including name, phone number, email and times contacted
  • All user accounts on a compromised device
  • Basestation ID, latitude, longitude, network ID, location area code
  • Names of installed packages, their permissions, and whether they were sideloaded
  • Free internal and external memory
  • Device IMEI, IMSI, MCC, MNC, phone type, network operator, network operator name, device manufacturer, device ID, device model, version of Android, Android ID, SDK level and build user
  • Whether a device has been rooted in one of several ways

Read More

September 8, 2016

Former CSO of AT&T, Dr. Edward Amoroso, talks mobile attackers and how enterprise security teams should innovate



Dr. Amoroso is a former SVP and CSO of AT&T. He is currently on the board of M&T Bank and the CEO of TAG Cyber, which has just released the 2017 TAG Cyber Security Annual, a comprehensive reference guide for cyber security professionals.

Read More

September 2, 2016

Update: Lookout re-airing on 60 Minutes

Screen Shot 2016-04-17 at 5.34.59 PM

Updated 9/2/2016: The segment will re-air on 9/4/2016. Interested in getting more in-depth information on our attack demonstrations? Read about how we did the Wi-Fi attack here and the mobile malware attack here

Tonight, 60 Minutes featured Lookout co-founder John Hering and a number of other well-known and respected security researchers demonstrating mobile attacks.

Read More

September 2, 2016

Pegasus and Trident: Your questions answered

Since Lookout first announced our discovery of the Pegasus attack and Trident vulnerabilities in partnership with Citizen Lab, we’ve received many clarifying questions from security professionals. In this series we’re answering the top queries we’ve received to help you better understand the facts around this unprecedented mobile threat.

Pegasus is a highly sophisticated piece of spyware that uses three previously unknown vulnerabilities called “Trident.” When strung together, these three vulnerabilities would allow an attacker to break out of the browser sandbox, jailbreak the device, and install the spyware. From there, the spyware can turn on the camera and mic, intercept text messages, and alter the existing apps on the device to spy on any encrypted or unencrypted data.

This is the most sophisticated mobile attack we’ve seen yet and marks a new era of mobile hacking.

In order to keep you informed about this ongoing, and concerning problem, we’ve pulled together answers to the top questions we’re receiving from security professionals.

Consider this your official hub for all things Pegasus and Trident. Read on.

Read More

September 2, 2016

So, you heard about Pegasus and Trident. Here’s what you should do now

Lookout Pegasus Trident WebinarGet an in-depth walk-through of this attack in this webinar by Lookout Vice President of Security Research Mike Murray.

Since Lookout first announced our discovery of the Pegasus attack and Trident vulnerabilities in partnership with Citizen Lab, we’ve received many clarifying questions from security professionals. In this series we’re answering the top queries we’ve received to help you better understand the facts around this unprecedented mobile threat.

Today’s question: What do I need to do next?

The Pegasus attack is the most sophisticated piece of mobile spyware ever seen. With just a single tap on a seemingly important text message it has the capability to cause catastrophic data loss to a targeted individual or organization, completely compromising all communications from a smartphone — messages, calls, emails, passwords, logs, and more from apps including Gmail, Facebook, Skype, WhatsApp, Viber, Facetime, Calendar, and others. Pegasus can even intercept data from end-to-end encrypted applications.

The relative ease and stealth with which this attack can infect a device, combined with the catastrophic data loss it causes, means that CIOs and CISOs need to be reacting to the Pegasus attack now to prevent further damage.

Read More