May 31, 2012
If you’ve been tuning into the news this week, you’ve probably heard of “Flame,” recently discovered computer malware that is believed to have targeted and infected computers in the Middle East for years. Reportedly, Flame can perform a variety of spy-like commands including: accessing data, capturing screen shots, and even recording audio through the computer’s microphone. It is speculated that as many as 1,000 computers belonging to individuals, private companies, government-run organizations and educational institutions may have been affected. Reportedly, Flame can infect computers through a number of channels including local networks and USB sticks.
While the motive and identity of the Flame malware writers still remain a mystery, much of the news around Flame raises the question: could this be cyber espionage? One thing is clear: with all of the sensitive information stored and shared on laptops, phones and tablets, securing digital devices is essential.
What can people do to stay safe?
- Connect to secure sources. Exercise caution when connecting to WiFi or plugging in USB/external hard drives.
- Monitor your network activity for any suspicious activity.
- Download antivirus software. Most major computer antivirus software programs now detect Flame, so updating your security software will protect you.
By following a few basic steps you can help keep your computer and your valuable information protected.
May 30, 2012
We’re all excited to get our hands on the Samsung Galaxy S III, and this week the unveiling began, with devices shipped out to individuals across Europe and the Middle East. By July, the highly anticipated smartphone (which happens to be the official phone of the London Olympics!) will be available in 145 countries. But as we’ve seen with past flagship phone launches, eager fans are looking for ways to gain early access to this new technology. For the past few weeks, fanatics have been taking the unreleased S3, dissecting some of its headline features, including S-Voice and Flipboard, and sharing them in unofficial marketplaces.
There will always be a set of power users who are enticed by the new and sparkly, looking to gain first access or bend the phone to their will. Whether that’s rooting it or extracting apps or firmware unique to the device, these developers can often get applications working on devices that aren’t officially supported by the manufacturer. They can also distribute their rooted apps into unofficial marketplaces, where anyone can download the application.
The danger is that these types of apps may be perceived by users as fully functional, production ready software. Unfortunately that’s very often not the case – they can be incomplete and/or unstable, and even have the potential to cause a user’s phone to be more unstable. It’s also possible for malware developers to potentially inject malicious code into apps that are found on forums or discussion boards. This doesn’t seem to be a major problem on most of the more popular mod’ing sites, but users should nonetheless use discretion when installing apps, and should carefully read the ratings and reviews to get a sense of the app’s quality and reputation.
In general, all users should exercise caution when selecting custom apps or firmware to load to their phone. Often there is a substantial amount of user feedback on the quality and legitimacy of any given ROM. If there isn’t, that should be a warning sign. When in doubt, users should install a smartphone security application like Lookout to their phone. Two features that we’ve recently released – file system monitoring and install monitoring – are specifically designed to detect malware in these cases. They provide an effective, faster means of protection that is less battery intensive than SD card scanning, and help proactively scan applications prior to install in cases like side-loading.
Lookout offers its security expertise on this topic in Electric Pig this week: The Galaxy S3 and the Android Vultures.
May 24, 2012
Last December, Lookout discovered a number of toll fraud malware apps posted to Google Play (formerly known as the Android Market). The malware, named RuFraud, masqueraded as popular apps including Angry Birds and Cut the Rope and targeted European Android users. Many of the fake apps were advertised as free, but when an unsuspecting smartphone owner downloaded the malicious app, premium rate text messages were charged to their phone bill through a “shortcode.” We quickly worked with Google to identify, remove, and protect users from downloading all instances of RuFraud (over 27 RuFraud applications) from Google Play.
Whenever malware like RuFraud is discovered and removed from popular markets, a common question is: whatever happened to the scammers behind the malware? This week, an answer to that question came from PhonepayPlus, an organization that regulates phone-paid services in the UK. PhonepayPlus cut off the RuFraud malware attack by suspending the shortcodes used in the RuFraud apps, ensuring that any money charged by the malware could no longer reach the fraudsters. PhonepayPlus has ordered the firm behind the RuFraud scheme, A1 Agregator Limited, to pay £50,000 in fines, money that will be refunded to smartphone users who incurred unauthorized charges.
It’s great to see regulators and the security industry working together to take action against this new form of criminality, and we’re glad to support such efforts with our research and technical analysis of new threats as they emerge. The potential impact in the UK was significant, but according to our research we know that other countries were affected as well. When we first saw RuFraud in early December 2011, the premium shortcodes used could affect users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia as well as Great Britain, Italy, Israel, France, and Germany. We look forward to collaborating with other countries to continue to protect smartphone users in their local region.
May 23, 2012
Summer is almost here! There’s no better way to kick off the season than with a camping trip. Don’t forget to pack your smartphone – by downloading a few key apps, it becomes as versatile and valuable to the camper as a trusty Swiss Army Knife. Whether you are a hiker, amateur astronomer or campfire gazer, Lookout has picked the best camping apps to make your trip easy and fun. Just promise us you won’t check your work email too often.
We Camp Here If you don’t have a destination in mind, We Camp Here is a great way to find a campground – even from the road. Find campgrounds on a map, read descriptions and reviews, call to reserve a site and then the app will navigate your way there. Available on Android ($2.99), iPhone/iPad ($3.99)
My Tracks or Columbia’s GPS Pal When you set out on a hike, these apps use the GPS sensor in your phone to track and record your path. When you return, you can brag about exactly how far you went, how much you climbed and how long the whole trip took you. My Tracks available on Android (free), Columbia’s GPS Pal: Android, iPhone/iPad (free)
Peaks Ever wonder exactly what mountain you’re looking at, or how high it is? Hold your camera up to the landscape, and Peaks adds the names of all the mountains within range, their elevation, and your distance from them. Very cool heads-up display! Available for iPhone, $2.99
GoToAid or First Aid by British Red Cross If you happen to take a tumble or get stung by a bee, these apps provide clear, nicely illustrated first aid instructions for medical emergencies from minor cuts to broken arms. GoToAid even includes first-aid instructions for pets, in case Fido gets sick as a dog. First Aid by British Red Cross available on Android (free), GoTo Aid Lite available on iPhone and iPad (free).
Coleman Camping Cookbook This app takes all the pain out of meal planning. Just enter the number of days you’re camping, the number of friends you’re going with and your favorite food types and the app generates an entire meal plan—complete with shopping and equipment lists! If you’re more of a seat-of-the-pants type, the app will also suggest recipes based on the ingredients you have in front of you. Sweet! Available for iPhone and iPad (free)
Coleman Campfire Tales What’s at the core of any great camping trip? Stories and songs around the campfire! Gather the kids around and scare the bejeebers out of them as you read from a collection of spooky stories, complete with sound effects. Available for iPhone and iPad (free)
Google Sky Map or Star Walk Who isn’t amazed at the incredible number of stars you can see when you get away from the city lights? These apps allow you to point your phone at the sky and see the names of all the constellations and planets appear right in front of you. Look up, down or spin around and the map tracks along with you. Just using these portable planetariums is half the fun! Sky Map available for Android (free), Star Walk available for iPhone and iPad ($2.99)
Lookout Mobile Security One thing is almost certain when you’re camping – you’re moving around a lot! Sometimes that means you drop things – and sometimes the thing you drop is your smartphone. With Lookout, you can just borrow a friend’s phone or stop by the ranger station to log into the Lookout website and locate your phone on a map. Problem solved! Back to the cooler and camp chair! Available for Android, iPhone and iPad (free)
Stay tuned to the Lookout blog over the next couple of weeks for more tips on apps that will make your summer even more great!
May 21, 2012
Over the past week it’s come to our attention that a select number of Android phones manufactured by ZTE have been found to contain a poorly protected setuid shell that can be used to gain elevated privileges – also known as ‘root’ access. This type of access allows an attacker full control over a target device – which includes the ability to install or uninstall applications without notice and access to any sensitive personal information on a device.
One might ask, what is the setuid shell? When installing an app, Android by default creates a ‘UID’ (aka User ID) specifically for that package so that it can have its own private resources / storage space. When an app is deleted, so is the corresponding UID. One very special UID is ‘root’, and when something runs as this UID, it has access to everything on the system. This setuid shell, when run, allows an application to grant itself root privileges and ‘run as root’.
This particular vulnerability appears to be limited to a single model of mobile phone distributed through MetroPCS in the US – the ZTE Score M. While acknowledging this issue, ZTE has stated that they are actively working on a security patch and expect to send the over-the-air update to affected users in the very near future. ZTE has publicly denied that any other devices are affected. In no way are other, non-ZTE devices affected by this issue.
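To make the setuid risk concrete from a defender's side, here is an added example (not code from this post or from ZTE) that audits a directory tree, such as an unpacked system image, for setuid files and separates those any UID can execute from those restricted to the owner or group. The function names, the sample file names and the `owner_uid` parameter are assumptions made for illustration; the sample tree is constructed and owned by the current user so the check runs without root.

```python
import os
import stat
import tempfile

def audit_setuid(root, owner_uid=0):
    """Return sorted (relative path, severity) for setuid files owned by owner_uid.

    "any-user": executable by 'other', so every app UID can start it and
    run with the owner's privileges. "restricted": owner/group only.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the entry itself, not a symlink target
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & stat.S_ISUID or st.st_uid != owner_uid:
                continue
            severity = "any-user" if st.st_mode & stat.S_IXOTH else "restricted"
            findings.append((os.path.relpath(path, root), severity))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample: hypothetical file names, owned by the current user."""
    spec = {
        "bin/open_shell": 0o4755,  # setuid and world-executable
        "bin/group_only": 0o4750,  # setuid, but not executable by 'other'
        "bin/plain": 0o755,        # ordinary executable, no setuid bit
    }
    for rel, mode in spec.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("#!/bin/sh\n")
        os.chmod(path, mode)  # set mode after writing; writes can clear setuid
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        # On a real image the owner of interest is root (uid 0, the default).
        for rel, severity in audit_setuid(tmp, owner_uid=os.getuid()):
            print(severity, rel)
```

On a real image, leave `owner_uid` at its default of 0; any "any-user" result that is a shell or command runner deserves the closest review.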
May 18, 2012
If you have kids, odds are one of their favorite “toys” is a mobile device. With the rise of intuitive, easy-to-use smartphones, tablets and apps, children are reaching for mobile devices to learn about and engage with the world. Check out this infographic to learn more about “generation mobile” and tips to ensure children explore all the mobile world has to offer — safely.
May 15, 2012
Hello, ni hao, 안녕하세요, приве́т!
The Lookout passport is getting pretty full. Our award-winning Android security app is now available on Google Play in Russian, Korean and Traditional Chinese. This is in addition to the previously localized versions of Lookout in German, French, Japanese, Spanish, Brazilian Portuguese, Polish and Simplified Chinese.
Users around the world can now keep their mobile device protected in their local language. With today’s additions, Lookout is now available in eleven different languages! Here are a few fun facts to celebrate today’s launch:
May 11, 2012
Let’s face it, making phone calls is so ten years ago. Text messaging is the dominant form of mobile communication, and spammers are chomping at the bit to take advantage of that. And when you think about how little the cost of engaging in such malicious activity really is, it’s no wonder U.S. spam texts rose 45 percent last year to 4.5 billion total messages. A prospective spammer needs just a prepaid phone with an unlimited texting plan to wreak SMS havoc on millions of unsuspecting victims, all of which they can do for a minimal $50-$100 fee. With returns that see no bounds, the only way to stop these perpetrators without government intervention is knowing how to protect yourself. Fortunately, Lookout’s got your back for that! Here are some steps you can take to ward off those pesky spammers:
Report spam texts to your carrier.
- Supported by AT&T Inc., Verizon Wireless, Sprint Nextel Corp. or T-Mobile USA? Forward spam texts to “7726” to deter future wrongdoing. You can also access your carrier’s website or customer service line to block numbers from which you receive spam, too.
Register your mobile number with the FTC’s Do Not Call Registry.
- Go to www.donotcall.gov and enter your digits. Numbers on this list will be off limits to potential spammers within a month of getting on the list. If unwarranted calls keep coming your way, you can report abusers on the same site.
Reply to unsolicited messages with “STOP” to prevent future texts from that sender.
- Really, it’s that easy. When clicking on a spam link installs malware on your phone or authorizes premium charges on your phone bill, this is oftentimes your best mode of defense.
Use apps to cope with spam.
- The Kedlin Company’s Call Control app for Android devices can block communication from unwanted numbers.
May 9, 2012
Many of us have felt the pain of losing our most valuable accessory, have seen a friend panic because they misplaced their phone and it’s on silent, or have heard an announcement over a loud speaker asking if anyone has found a lost phone. If you find yourself in one of these desperate situations, you could be in luck. You can download Plan B, an innovative app that can help you find your phone after it goes missing!
While “Plan A” is not losing your phone, (or already having a find my phone app like Lookout), Plan B is your last resort to locating your Android device.
Here’s a quick step-by-step guide on how to use Plan B to find your Android device if it goes missing:
May 9, 2012
No, this is not a headline from The Onion. It’s true! Our CFO, Adriel Lares, was on Family Guy this week. In the episode Lego My Mego, Adriel can be seen in a CFO-appropriate blue suit and red tie. Image included below.
And since we started the conversation, here’s more on Adriel.
- Relevant CFO-type facts: Before Lookout, Adriel was at Hewlett-Packard’s 3PAR Storage division. He led 3PAR’s IPO back in ’07 and grew its annual run rate to more than $200 million. He began his career as a treasury analyst for the Walt Disney Company. He likes cartoons!
- Not-as-relevant facts: Adriel digs The Family Guy. He is also vintner of the finest Napa Cabernet known to man (self-proclaimed).