June 28, 2016

Two crucial points we learned at this year’s Gartner Security Summit

Lookout chief strategy officer, Aaron Cockerill, presenting at the 2016 Gartner Security Summit

June 27, 2016

LevelDropper: A takedown of autorooting malware in Google Play

LevelDropper, an app in the Google Play Store that we determined to be malicious, is the latest example of a new and persisting trend in mobile threats: autorooting malware.

Lookout discovered the app last week and worked with Google to have it removed. All Lookout customers are protected from this threat.

At first glance, LevelDropper seemed to be a simple app to use instead of a physical level from your toolbox, but upon deeper analysis, it turned out to conceal its malicious behavior. The term “autorooting malware” represents a classification of mobile malware that silently roots a device in order to perform actions only possible with more privileges. In this case, LevelDropper stealthily roots the device and goes on to install further applications — many of them — to the victim’s device.

June 24, 2016

Security week-in-review: Millions of U.S. voter profiles left accessible

It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore unprotected voting records, unencrypted iOS components, and Google’s new two-factor authentication option. Check back every Friday to learn about the latest in security news.

June 24, 2016

What a real life risky app looks like: a warning from the DoD

In late May 2016, the U.S. Department of Defense (DoD) released an advisory to their armed services and civilian workforce warning about an Android app called “CAC Scan,” which was found publicly available on the Google Play market.

June 21, 2016

Introducing network protection for mobile man-in-the-middle attacks

Today we are excited to announce the availability of network protection, an automated on-device analysis of network connections that defends against man-in-the-middle (MitM) attacks and ensures information is being securely transmitted.

With every enterprise now shifting towards a mobile-first, cloud-first workplace, employees’ day-to-day work now happens beyond the traditional enterprise perimeter.

The enterprise security risks from man-in-the-middle attacks

Many enterprises encrypt sensitive corporate data on mobile devices, but attackers can intercept and decrypt this data via man-in-the-middle attacks using equipment that costs less than $100.

Data in transit on mobile devices is an unmitigated security risk for many organizations. Employees tend to freely connect to public Wi-Fi networks on their smartphones and tablets, not thinking twice about installing proxies to gain access. Unfortunately, they are also largely unaware this can enable attackers to decrypt all encrypted traffic streams going to and from their devices.

Why Lookout network protection is better

Lookout network protection is the most actionable defense against MitM attacks because it focuses on the risks that are the most relevant to enterprises, namely, attempts to intercept encrypted data in transit.

The Lookout endpoint app automatically detects when a device connects to a new network (Wi-Fi, cellular, VPN, tethered) and immediately runs a series of health checks on that new network to ensure that it is behaving properly. Examples of checks performed include determining that the Root Certificate Authority used to issue SSL certificates for HTTPS sites matches expected values and that the cipher suites and TLS versions used are strong.

Why Lookout network protection delivers better protection from MitM attacks:

Automatic detection: Whenever a device connects to a new network, the on-device Lookout app automatically checks reference servers with known certificate properties and a known TLS configuration. This allows us to compare expected network configuration properties with the established network properties we see. By analyzing whether these established connections meet expected properties, we can determine whether connections are being tampered with by utilizing any of the methods described above (Host certificate hijacking, TLS downgrade, and others).

Reduced false positives: Most progressive mobility programs do not restrict an employee’s ability to connect to cafe, hotel, or airport Wi-Fi networks as that would hinder productivity. However, some approaches to MitM detection will surface admin alerts for this everyday activity. These approaches lead to an abundance of false positives that are not actionable by the average IT organization.

The Lookout approach focuses on the risky types of connections that put encrypted data at risk and thus are not reasonable for employee use. By having an endpoint agent on the device, we are able to introduce a lightweight solution to the user that doesn’t require a VPN to analyze network traffic. This minimizes false positives, enabling users to stay connected and productive on the go.

Remediation: If a new network connection is deemed unsafe, Lookout will alert the employee, letting them know of the threat and that they should disconnect from the Wi-Fi network or uninstall the configuration profile.

Lookout is also able to apply automated remediation via Mobile Device Management solutions during a MitM attack, if a secure connection is present.
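The reference-server comparison described under automatic detection can be illustrated as follows. This is an added example, not Lookout's code: the reference host, the pinned fingerprint, the cipher markers, and the finding names are hypothetical, and it pins the reference server's own certificate rather than the root CA.

```python
import hashlib
import socket
import ssl

# Hypothetical reference profile; the fingerprint is a constructed placeholder.
REFERENCE = {
    "host": "reference.example",
    "cert_sha256": hashlib.sha256(b"constructed reference certificate").hexdigest(),
    "min_tls": "TLSv1.2",
}
TLS_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "NULL", "EXP", "MD5")


def probe(host, port=443, timeout=5.0):
    """Record what the current network presents for host, without trusting it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # observe only; evaluate() makes the decision
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return {
                "cert_sha256": hashlib.sha256(der).hexdigest(),
                "tls_version": tls.version(),
                "cipher": tls.cipher()[0],
            }


def evaluate(observed, reference=REFERENCE):
    """Return findings where the observed connection departs from the reference."""
    findings = []
    if observed["cert_sha256"] != reference["cert_sha256"]:
        findings.append("certificate-mismatch")   # a different cert was presented
    version = observed["tls_version"]
    floor = TLS_ORDER.index(reference["min_tls"])
    if version not in TLS_ORDER or TLS_ORDER.index(version) < floor:
        findings.append("tls-downgrade")          # weaker protocol than expected
    if any(m in observed["cipher"].upper() for m in WEAK_CIPHER_MARKERS):
        findings.append("weak-cipher")
    return findings


# Constructed observations: a clean network and an intercepted one.
CLEAN = {"cert_sha256": REFERENCE["cert_sha256"],
         "tls_version": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384"}
INTERCEPTED = {"cert_sha256": hashlib.sha256(b"constructed proxy certificate").hexdigest(),
               "tls_version": "TLSv1", "cipher": "DES-CBC3-SHA"}
```

On a device, `evaluate(probe(REFERENCE["host"]))` would run each time the network changes; a failed handshake in `probe` is itself worth recording as a finding.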

How to learn more about the risks of MitM

To learn more about the real risks of employees regularly connecting to hotel and coffee shop Wi-Fi networks and to see a live MitM attack demonstration, attend the upcoming webinar, Understanding Mobile Man-In-The-Middle Attacks and the Enterprise Security Risks.

Network protection is the latest security layer within Lookout Mobile Threat Protection and is now available through over 58 global value-added resellers and distributors. It represents continued commitment by Lookout to delivering superior mobile security to large enterprises.

June 17, 2016

Security week-in-review: Alleged DNC papers leaked in the latest whodunit

It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore Android vulnerabilities, stolen DNC data, and a serious scam against enterprises. Check back every Friday to learn about the latest in security news.

June 16, 2016

The problem with root enablers

In this 4-part series you’ll learn why mobile security matters. We’ll explain common threats, debunk myths, and give you the tools to protect your phone and data — all while speaking a language you still understand. This is the final installment. Make sure to catch up on previous chapters in the series: mobile ransomware, spyware, adware.

June 14, 2016

Adware: Interrupting you while compromising your privacy

In this 4-part series you’ll learn why mobile security matters. We’ll explain common threats, debunk myths, and give you the tools to protect your phone and data — all while speaking a language you still understand. This is part three. Stay tuned for next week’s chapter on root enablers.

June 10, 2016

Security week-in-review: Google patches critical Android bugs; Twitter locks accounts

It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore Android patches, high-profile breaches, and more ransomware. Check back every Friday to learn about the latest in security news.

June 10, 2016

Android June Security Bulletin: Vulnerabilities increasing

Google released its monthly Android Security Bulletin this week. The TL;DR is there are 40 new security patches, the vast majority of which are “critical” or “high” concern.

This makes a total of 162 vulnerabilities reported via the monthly Android Security Bulletin for 2016. The vulnerabilities fixed this month range from remote code execution to privilege elevation to information disclosures. Of the total bugs listed in June’s report, 37.5 percent were found in the Android mediaserver code, which is where “Stagefright” and its family of vulnerabilities exist.

One of these was a critical remote code execution vulnerability, so be careful opening any media files from untrusted sources until you have received the patch.
