May 30, 2011

Update: Security Alert: DroidDreamLight, New Malware from the Developers of DroidDream

Looking for more information on mobile threats like DroidDreamLight? Check out Lookout’s Top Threats resource.

The Threat

This weekend, multiple applications available in the official Android Market were found to contain malware that can compromise a significant amount of personal data. Likely created by the same developers who brought DroidDream to market back in March, 26 applications were found to be infected with a stripped down version of DroidDream we’re calling “Droid Dream Light” (DDLight).  At this point we believe between 30,000 and 120,000 users have been affected by DroidDreamLight.

The Lookout Security Team identified the malware thanks to a tip from a developer who notified us that modified versions of his app and another developer’s app were being distributed in the Android Market.  Our security team confirmed that there was malicious code grafted into these apps and identified markers associating this code with previously analyzed DroidDream samples.  We discovered 24 additional apps repackaged and redistributed with the malicious payload across a total of 5 different developer accounts.

Lookout users are automatically protected from this malware. Google has removed all of the apps known to be infected from the Android Market while they investigate.

Who is affected?
Apps containing DroidDreamLight have been available for download from the official Android Market. Anyone who has downloaded the apps listed below may be affected. We believe the number of affected devices to be in the range of 30,000 and 120,000 users. If you have downloaded these apps, contact us at and we can assist you in removing them.

The list of infected applications (by developer name) includes:

Magic Photo Studio

  • Sexy Girls: Hot Japanese
  • Sexy Legs
  • HOT Girls 4
  • Beauty Breasts
  • Sex Sound
  • Sex Sound: Japanese
  • HOT Girls 1
  • HOT Girls 2
  • HOT Girls 3

Mango Studio

  • Floating Image Free
  • System Monitor
  • Super StopWatch and Timer
  • System Info Manager

E.T. Tean

  • Call End Vibrate


  • Quick Photo Grid
  • Delete Contacts
  • Quick Uninstaller
  • Contact Master
  • Brightness Settings
  • Volume Manager
  • Super Photo Enhance
  • Super Color Flashlight
  • Paint Master

Update: We added an additional developer and its infected apps that was previously omitted, see below.


  • Quick Cleaner
  • Super App Manager
  • Quick SMS Backup

UPDATE: An additional developer was found to be publishing apps containing DroidDreamLight. They have already been pulled from the Android Market. See the list of apps and developer name below.


  • Tetris
  • Bubble Buster Free
  • Quick History Eraser
  • Super Compass and Leveler
  • Go FallDown !
  • Solitaire Free
  • Scientific Calculator
  • TenDrip

How DroidDream Light Works

Malicious components of DroidDream Light are invoked on receipt of a  android.intent.action.PHONE_STATE intent (e.g. an incoming voice call).  DroidDream Light is not, therefore, dependent on manual launch of the installed application to trigger its behavior.  The broadcast receiver immediately launches the <package>.lightdd.CoreService which contacts remote servers and supplies the IMEI, IMSI, Model, SDK Version and information about installed packages.  It appears that the DDLight is also capable of downloading and prompting installation of new packages, though unlike its predecessors it is not capable of doing so without user intervention.

How to Stay Safe

Lookout Free and Premium users are already protected. As we see the frequency of these threats increase, please keep in mind the following:

  • Only download apps from trusted sources, such as reputable app markets. Remember to look at the developer name, reviews, and star ratings.
  • Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
  • Be alert for unusual behavior on your phone. This behavior could be a sign that your phone is infected. These behaviors may include unusual SMS or network activity.
  • Download a mobile security app for your phone that scans every app you download to ensure it’s safe. Lookout users automatically receive protection against this Trojan.

We’ll keep you updated as we learn more. If you have questions about this or other malware, feel free to contact us at

Category:   Lookout News  •  malware  •  Security  •  Uncategorized
May 26, 2011

CNBC Interview: Protecting Your “Digital Wallet”

This afternoon CNBC invited Lookout’s CEO, John Hering, to discuss the introduction of Google’s NFC “Mobile Wallet.”  Rather than using credit cards or cash, NFC (Near Field Communication) will allow users to make purchases at the register directly with their mobile phone.  While NFC represents a new payment mechanism for vendors, it also represents a avenue for hackers.  As smartphone users adopt this mobile payment system, they will need to regard–and protect–their phone as they do their physical wallet.  In effect, near field communications will require near field security.

Protecting Your Digital Wallet: Lookout Mobile Security

Also, this evening, be sure to tune in to see Lookout featured on CNBC’s documentary: “Code Wars: America’s Cyber Threat” at 9pm PST/EST.  The show will focus on how dependent our country has become on technology—and “explore the vulnerabilities we face as a nation.”  Using a laptop, a $50 antenna and free software found online, John and Kevin show how easy it is to see traffic floating through the air.   Don’t miss “Code Wars: America’s Cyber Threat” tonight!

Category:   Lookout News  •  malware  •  Privacy
May 26, 2011

Is Anything Private on Your Phone Anymore?

We live in an age where smartphones allow us to connect to the Internet and perform tasks once thought to be impossible. People today are more concerned about privacy on their mobile phones than ever before, but are unclear about what is at risk and how they can protect their privacy. To help clarify, we decided to look at the range of personal information on your phone, explain the top privacy concerns and give simple steps you can take to put your mind at ease.

Category:   Privacy  •  Security
May 24, 2011

Your Phone Is More Essential Than Your Keys or Wallet

When you’re headed out the door in the morning, what three items do you always make sure to bring with you?  For most people, it is probably your wallet, keys, and phone.  As long as you have these essentials you can navigate your way through the day with ease, but if you lost one of these three, which would affect you the most? To find out, we asked our friends on Facebook:

Which of the following items would you be most upset if you lost: your phone, keys, or wallet?

What did we learn from the 1,766 people who responded to our survey question?


Phones are the most important!

More than 50% (886 respondents) ranked “phone” as the item they’d be most upset to lose. Some of our respondents elaborated on their answers:

“Great question.  My phone because you can’t use your wallet to call your phone but you can use your phone to cancel your credit cards.”

“A wallet can be replaced, so can keys, [but I could] never replace all the contact numbers, pictures and other personal things on a phone.”

Wallet came in at a close second with 777 votes.  One respondent explained:

“Wallets require so many bureaucratic hoops to replace: drivers license! credit cards! Costco Card! The worst. As long as my phone is backed up I can always get it up and running.”

Keys were not a priority for many respondents – less than 6% of people ranked “keys” as the item they’d least like to lose.  One person commented:

“Keys. Mostly my car key, which carries a rotating digital token, and costs at least $250 to replace and special order from the dealer.”

Indeed, a few comments admitted that this question was a “tough one.”  But it appears that the majority of people consider their phone invaluable—and would rather lose money, identity and credit cards, and keys than their mobile device!  This just shows how much we’ve come to rely on our phones these days.  We depend on our phone not only to store valuable information like photos and contacts, but we also regard it as our lifeline to the outside world.  Our phones enable us to connect with our friends, our social networks and stay up to date on the latest news. With everything we use our phones for today, it is little wonder that survey respondents rated “phone” as the most important item they carry and the one thing they would be most upset to lose.

Tell us what you think by following us on twitter @lookout or answering in the comments.

Category:   Lookout News  •  Lost Phone  •  Missing Device
May 23, 2011

Lookout Cracks A Case in Colorado

Lookout’s helping solve crimes all around the country!  Last month a news story in Arizona reported how Lookout helped police track down two carjackers.  Yesterday, Channel 13 in Colorado Springs reported how a Pueblo, Colorado man lost his phone and used Lookout to find it. When Jason Trigo realized he had lost his phone in a park, he began to panic.

“I was just thinking of what I’ve had on the phone and was kind of freaking out. I’ve got a lot of personal information on the phone.”  Then Jason remembered he had Lookout downloaded on this mobile device.

When Jason logged into his Lookout account, not only did he see the location pinpointed on a map, he also saw pictures that the thief had taken of himself on the phone!  The location information led police officers directly to the thief’s house, where Jason recovered his phone.  The sergeant involved in the investigation mentioned that in recent years, they’ve used find-my-phone applications to solve a number of cases.

Remember, if you misplace your phone or believe it’s been stolen, just log into our web site, select the “Missing Device” link, and choose “Locate.” Hopefully it’s just in the other room, but if someone’s taken it, you have an invaluable tool for police to help you recover it.

Watch the full story by clicking here: Lookout Finds Missing Phone.

Category:   Lookout News  •  Lost Phone  •  Missing Device  •  Security  •  User story
May 19, 2011

Second Hearing on Consumer Privacy and Protection in the Mobile Marketplace

Today, Google, Facebook, and Apple returned to Capitol Hill to participate in a second hearing held by the U.S. Senate Committee on Commerce, Science, and Transportation on mobile privacy. The legislators and panelists discussed the rapidly growing mobile landscape and the increasing need to safeguard mobile consumers’ private information.  Law makers particularly focused on how companies use, store, and distribute personal information gathered from their users.

The discussion began with the Committee Chairman, John Rockefeller, explaining that: “mobile online privacy is an issue that affects nearly every American.”  John Kerry elaborated that while consumers have rapidly adopted these devices, “it is not clear if Americans have any idea if their information is being tracked and shared.”  Both Rockefeller and Kerry agreed that there is a definite need to regulate privacy on mobile devices—but at the same time, continue to foster innovation and growth of the mobile economy.

The director of the FTC’s Bureau of Consumer Protection, David Vladeck, discussed the FTC endorsed “Do Not Track” bill. (Similar to the “Do Not Call” bill that provides an opt-out option for consumer from telemarketing, “Do Not Track” would allow consumers the option to disable tracking on their mobile devices.)  Vladeck stressed that consumer awareness is critical—people must be able to choose if their information is tracked—and control with whom it is shared.

Google, Apple, and Facebook also participated in this hearing and largely focused on how applications track users and the current privacy policies and tools in place.  Google emphasized that they are extremely careful with consumer information; if consumers do not “opt-in” they do not track their mobile device.

When asked if there were any mobile companies that specialize in making devices more secure, Morgan Reed, executive director of ACT (Association for Competitive Technologies), highlighted Lookout as a comprehensive mobile security protection for users.

Throughout the hearing, panelists and legislators agreed: security and safety for consumers is paramount.  Companies will work to offer transparent notifications that mobile users can easily understand—consumer education will be core to protecting people’s privacy.  However, a balance must be struck between protecting users and fostering mobile innovation—and the industry must work together to best determine where that balance lies.

For additional details, view the full Senate hearing on Consumer Privacy and Protection in the Mobile Marketplace.

Category:   Android  •  Apple  •  Lookout News  •  Privacy  •  Security
May 19, 2011

CNBC Documentary “Code Wars” Features Lookout Founders

Tune in to CNBC on Thursday, May 26th at 9pm PST/EST to watch “Code Wars: America’s Cyber Threat,” a documentary that examines our dependency on technology and “explores the vulnerabilities we face as a nation.”  CNBC will explore how we have grown completely reliant on computing devices and the ability to store and transmit information online.  “In the U.S., 240 million people, or 77% of the population, are online.” To gain insight into these cyber vulnerabilities and more specifically mobile threats, CNBC turned to Lookout to demonstrate how easy it can be for hackers to see—and potentially steal—information from people who are connected to an unprotected wireless network.

With people putting more of their lives online and accessing this information from their phone, they should use discretion when accessing information from untrusted WiFi hotspots. By illustrating how hacking threats can leave peoples’ “sensitive information exposed to cyber criminals,” we hope to bring awareness to security issues and help drive critical security in the future.

To get a taste of what to expect, check out the “Code Wars” trailer and be sure to pay special attention to the person featured after President Obama!

Category:   Lookout News  •  Privacy  •  Security  •  Vulnerability
May 18, 2011

Senate Committee to Question Online Giants on Smartphone Privacy … Again

Tomorrow, May 19, Apple, Google and Facebook will respond to questions from the U.S. Senate Committee on Commerce, Science, and Transportation on the topic of industry practices in online mobile data collection and usage. This is the second time in two weeks that Apple and Google have been called before the committee to discuss how they use and store personal information gathered about their users. Facebook was also asked to participate this time around after questions were raised about how it handles data about its users.

With the huge growth in the adoption of smartphones, more information than ever is being collected about mobile users, including their location, their contacts, and other personal information, often with minimal notification. As smartphones go mainstream and move well beyond early adopters, the mobile industry as a whole needs to raise the bar and deliver transparent notifications that anyone can understand. Awareness is critical in safeguarding people’s privacy consumers need to be aware of when and how their sensitive data is accessed and used.

Although we can’t immediately affect the policies of an entire industry, we can make sure there is an open dialogue about important issues like these so people are aware and can join the debate if they choose. To keep our own users informed about which apps on their phones collect different types of personal data we offer Privacy Advisor. Empowered with this information, our users can make their own decisions about which apps they want to keep on their phone.

Privacy Advisor

Category:   Android  •  Apple  •  Lookout News  •  Lookout Premium  •  Privacy
May 17, 2011

Critical Android Vulnerability: Use Precaution on Public WiFi

Please see below for an important update on this story.

Yesterday, researchers from Germany’s University of Ulm reported that some Android applications transmit sensitive authentication data without properly securing it, making people vulnerable to having their private data (e.g. Calendar Contacts, Pictures) accessed by an attacker.  When a vulnerable device transmits its authentication data, an attacker can eavesdrop and view transmitted data if you are connected to a public WiFi network or are using a hostile internet connection. Sending data unencrypted (e.g. via HTTP rather than HTTPS) is analogous to sending your sensitive data in clear envelope so that everyone can see its contents rather than in an opaque envelope. The specific vulnerability is found in applications that use Google’s ClientLogin authentication service over HTTP, rather than HTTPS, such as Google Calendar and Contacts.  An attacker can read a user’s digital credentials (i.e. “Auth Tokens”) when a vulnerable app on their phone syncs in the background.  The attacker can then obtain full access to any of the services the vulnerable app interacts with.

Attacks are most likely to occur when using untrusted networks, such as public WiFi hotspots. When you access untrusted WiFi hotspots, an attacker can eavesdrop on your phone’s network traffic to capture your authentication data in order to impersonate you using the compromised applications.  One example the researchers suggest is how an attacker “could change the stored email address of the victim’s boss or business partners hoping to receive sensitive or confidential material pertaining to their business.”

Phones it affects:

Those running Android versions 2.3.3 and earlier.  Google patched this vulnerability in phones running 2.3.4 and above.

How you might be affected:

If you have a phone running an Android version 2.3.3 or earlier and are accessing the internet over an unsecured WiFi network, you are at risk.

To check what version of Android you are running, open the Settings application and navigate to Applications -> About Phone. Click “Software information”.  If you are running a version of Android 2.3.3 or lower, your device is vulnerable and you should use caution when accessing a public WiFi hotspot.

How you can stay safe:

At the moment, the best protection is to avoid open WiFi networks on your Android device, but if you need to use public WiFi here are some tips:

  • When your device manufacturer offers a “system update,” update your phone immediately to the latest version of Android.
  • Ensure that you are using a secured WiFi network.  To make sure you are, check “Settings” on your phone and only connect to networks that require a password.  Avoid using free WiFi hotspots such as those in coffee shops and airports.
  • Let your device forget any public networks to which you previously connected. To prevent automatic reconnection, click on the open network name, hold down until you see a menu, then click “forget.”

Over the past few years there has been a big push to encrypt all sensitive data as it is transmitted.  For example, at Lookout, we use SSL (https) whenever you log into your account via the web or when your device communicates with our servers.  Currently, many web services like Gmail and Facebook by default do not use encryption for all data and it’s up to the user to opt-in.  Typically you can change these settings by going into the security module in your account and selecting the option to always connect via https.

We’ll keep you updated on this important news as more information becomes available.

Update: PC World reported today that Google will begin rolling out a patch to affected users today, May 18. Users need take no action to access the fix, which will take several days to roll out completely.

Category:   Android  •  Lookout News  •  Privacy  •  Security  •  Vulnerability
May 11, 2011

Security Alert: Zsone Trojan found in Android Market

The Threat

Recently Google removed a Trojan, Zsone, from the Android Market that has the ability to subscribe users in China to premium rate QQ codes via SMS without their knowledge. A QQ code is a form of short code that can subscribe users to SMS update or instant message services and are primarily used in China. This malware was embedded in 10 apps by the developer named Zsone available on the Android Market and alternative markets. Lookout free and Premium users are already protected.  The infected apps from Zsone are:

  • iMatch,
  • 3D Cube horror terrible
  • ShakeBanger
  • Shake Break
  • Sea Ball, iMine
  • iCalendar
  • LoveBaby
  • iCartoon
  • iBook

Once the user starts the app on their phone, the app will silently send an SMS message to subscribe the user to a premium-rate SMS service without their authorization or knowledge. We discovered one instance (iBook) that could subscribe a user to three different services via three silent SMS messages sent. For users in China, this may result in charges to the affected phone owner’s mobile accounts. We have also found instances of this malware on alternative markets targeting Chinese users.

Who is Affected

Currently this threat affects Chinese Android phone owners who downloaded the app from the Android Market. The total number of downloads attributed to this app in the Android Market appears to be under 10,000.  All instances of the threat have been removed from the market.

How to Stay Safe

Lookout Free and Premium users are automatically protected from this threat and do not need to take further action.

As the number of malware exploits on smartphones increase, it is more important than ever to pay attention to the apps you’re downloading. Here are a few tips to stay safe:

  • Only download apps from trusted sources, such as reputable app markets. Remember to look at the developer name, reviews, and star ratings.
  • Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
  • Be alert for unusual behavior on your phone. This behavior could be a sign that your phone is infected. These behaviors may include unusual SMS or network activity. Check your mobile phone statement for any unusual charges.
  • Download a mobile security app for your phone that scans every app you download to ensure it’s safe. Lookout users automatically receive protection against this threat

Category:   Android  •  malware