Andrew Blaich

Manager - Vulnerability Research




Andrew Blaich is a security researcher at Lookout where he is focused on mobile threat hunting and vulnerability research. Prior to Lookout, Andrew was the Lead Security Analyst at Bluebox Security. He holds a Ph.D. in computer science, and engineering from the University of Notre Dame in enterprise security and wireless networking. In the past Andrew has worked at both Samsung and Qualcomm Research. Andrew is a regular presenter at security conferences including BlackHat, RSA, Kaspersky SAS, SecTor, SANS DFIR, Interop, and ACSC. In his free time he loves to run and hack on IoT.

Andrew Blaich's posts


| Executives
October 17, 2017
Mobile vulnerabilities: What they are and how they impact the enterprise

CISOs understand that vulnerabilities in networks and other internal systems can be a major security threat, and that protecting against these should...

Read Morearrow_forward



| Executives
July 13, 2017
Data compromise via mobile threats: Enterprises are facing complex attacks

Mobile threats are more complex than a piece of malware in a third-party app store. In this blog post we dissect the “threats” component of the...

Read Morearrow_forward



| Researchers
March 27, 2017
Mobile Safari scareware campaign thwarted

Apple released an update to iOS (10.3) changing how Mobile Safari handles JavaScript pop-ups after Lookout discovers scammers using the functionality to execute a scareware campaign.

Read Morearrow_forward



| Researchers
November 1, 2016
DirtyCow and Drammer vulnerabilities let attackers root or hijack Android devices

Two especially critical flaws that allow an attacker to root or completely compromise a device have just been added to the litany of vulns on Android devices.

Read Morearrow_forward



| Researchers
October 10, 2016
Google Android security bulletin October 2016: remote code execution vulns continue

The October Android Security Bulletin contains 78 patches for Android devices — 23 more than last month, yet the third highest since Google started releasing the monthly patches.

Read Morearrow_forward



| Researchers
August 15, 2016
Linux flaw that allows anyone to hijack Internet traffic also affects 80% of Android devices

Lookout has discovered that a serious exploit in TCP reported this week also impacts nearly 80% of Android, or around 1.4 billion devices, based on an install base reported by Statista.

Read Morearrow_forward



| Researchers
July 20, 2016
A closer look at iOS 9.3.3: Apple patches 43 security vulnerabilities

Apple released the latest version of iOS version 9.3.3 on July 18 including patches for 43 security vulnerabilities. Industry watchers have been anticipating this update as one of the final patch cycles for iOS 9 before iOS 10 is released in the...

Read Morearrow_forward



| Researchers
July 15, 2016
Pokemon Go: New tampered apps & what you can do

Pokemon Go, is arguably the biggest mobile game in US history, but while fame breeds fans — even employees in the enterprise — it also attracts many...

Read Morearrow_forward



| Researchers
July 7, 2016
July Android Security Bulletin: 108 patches, the most we’ve seen to date

July’s 108 patches are the most we’ve seen to date. The vulnerabilities fixed this month ranged from remote code execution to privilege elevation to information disclosures.

Read Morearrow_forward



| Researchers
June 10, 2016
Android June Security Bulletin: Vulnerabilities increasing

Google released its monthly Android Security Bulletin this week. The TL;DR is there are 40 new security patches, the vast majority of which are...

Read Morearrow_forward