February 6, 2020
For more than a decade, the Lookout Security Research team has been at the forefront of mobile threat research. We sat down with our Head of Threat Intelligence, Christoph Hebeisen, to learn what it means to be a security researcher in a world of constantly evolving threats.
I have always been deeply curious about how everything works at the most fundamental level. When I got my first computer, I quickly gravitated towards assembly (machine language). And, after spending years in academic research, I wanted to work in a field where I could make a difference more directly than in pure research. In threat research, I get to combine my curiosity and love of research with a cause that matters to me: the privacy and security of our data.
The future of computing, communications, entertainment, and work is mobile. However, the nature of mobile devices is different from fixed endpoints. They hop from location to location and from network to network -- there is no corporate network perimeter protecting them. In addition, mobile devices by their nature include communications channels that are not available on PCs, such as SMS, not to mention a host of third-party messaging applications. This environment poses a whole new set of interesting challenges we need to address to allow a smooth transition into the mobile-first future, without increasing the risk of data breaches.
As more of our personal and corporate data moves to mobile devices, the threats have become more varied. There has been an evolution over the past few years as threat actors, who in the past used simple malware to steal text messages or incur premium messaging charges, are now utilizing banking trojans and full-featured surveillance tools. Moreover, nation states use mobile surveillanceware -- from simple spying apps to zero-click device exploits -- to spy on both foreigners and their own citizens. Most recently, phishing campaigns have begun targeting mobile devices first or even exclusively. As a result, the field of research has dramatically expanded to cover every possible threat vector.
Researchers often encounter deliberately convoluted or obfuscated code, malware that tries to hide from discovery by only activating malicious functionality in a certain geography or on certain types of devices. In order to successfully research such malicious code, a researcher must not be daunted by seemingly insurmountable problems and must have a high level of creativity in addition to the more obviously necessary technical skills.
To know that our work makes the mobile ecosystem a better and safer place, not just for Lookout customers, but also for countless other mobile users, for example through the App Defense Alliance. This work is largely invisible to the beneficiaries -- just like many other safety and security functions. So while most users may never know that Lookout protected them from having their bank accounts compromised via a banking trojan or phishing link, I take pride in knowing that we do.
Want to hear more about being a threat researcher? Check out our Q&A with a few of our security intelligence engineers – Kristina Balaam, Kristin Del Rosso, and Apurva Kumar.