September 28, 2012
This week, a new vulnerability was discovered that affects Android phones. Security researchers on Monday demonstrated that the Android dialer could be exploited to remotely run commands that wipe the phone without users’ permission or knowledge. To help minimize the risk facing users, Lookout released an update today to its Lookout Mobile Security app on Google Play, which protects users from these dialer-related threats.
September 28, 2012
Welcome to Lookout’s new digs here at lookout.com. We said goodbye to our old web address, mylookout.com (which served us very well), and we’re laying out the welcome mat here at lookout.com.
Even though we ditched “mylookout.com,” for all of our 25 million plus customers, we’re still your Lookout.
We also updated our RSS feed, so if you like to keep up with this blog in your favorite RSS reader (like Google Reader, Feeddler or Pulse), then please update your Lookout RSS subscription with our new blog.lookout.com feed. We want to make sure you stay up to date on every detail of the latest Lookout product news, research, mobile news and security alerts. (And trust me, there’s some COOL stuff coming VERY soon!)
Image courtesy of Amazon.com
September 26, 2012
Where there’s a will, there’s a way. Hackers are constantly pushing the limits when it comes to getting their hands on our private information and hard-earned money. While some fraudsters use direct-to-consumer malware to game the system, some are taking a different approach to fooling users. We put our black hats on in our State of Mobile Security 2012 report to show you how the bad guys think.
September 21, 2012
If you search “android antivirus” on Google you can find a lively debate on the necessity and efficacy of protecting your mobile phone from viruses with an antivirus app. We’re here with some good news: technically, viruses don’t exist on Android! A virus is a piece of software that can copy itself and automatically spread to other devices, and this kind of replication is not possible on the Android operating system. Thank goodness. But that doesn’t mean you don’t need an “antivirus” app.
The word virus has stuck in the popular lexicon as a common term for all malicious software. For most people, it’s simpler to use a generic term like “virus” rather than memorizing the nuances of a trojan, worm, rootkit, malware, adware or spyware.
September 18, 2012
You are probably not surprised that the debut last week of Apple’s iPhone 5 handset and iOS6 operating system has been all the rage in the mobile industry. For the app developer community especially, the most important news centered on how Apple’s new operating system introduces Advertising Identifier, a non-personal alternative to Apple’s Unique Device Identifier (UDIDs). This means you can say goodbye to targeted ads on your mobile phone.
September 12, 2012
Recently, Lookout discovered a mobile click fraud family dubbed “SimpleTemai.” SimpleTemai downloads and rates apps from third-party Android markets, so it appears that it’s designed to rip off mobile app promotion service providers; downloads triggered by SimpleTemai have the potential to artificially inflate app promoter effectiveness.
How It Works
SimpleTemai is a malware package that is embedded into legitimate gaming apps. We’ve identified over 1700 unique instances across a variety of racing and strategy games. When a user installs an app infected with SimpleTemai, their device may start downloading other apps, reporting to affiliates that the apps were successfully installed and then removing these downloads. This is all done in the background, unbeknownst to the user. If SimpleTemai goes undetected, it has the potential to run up a user’s mobile data bill by making excessive unwarranted downloads.
SimpleTemai also has the capability to download and rate applications from Chinese third-party app stores, presumably to help improve the chances that a smartphone user would encounter an infected app organically through these markets.
Lastly, SimpleTemai is constructed in a way that allows it to be remotely updated (see Technical Details). Although current capabilities are limited to mobile click fraud and we have no indication its creators are branching out beyond current functionality, SimpleTemai could presumably leverage this capability to significantly modify its behavior.
SimpleTemai’s construction is very interesting because its capabilities are primarily scripted in FScriptME, a scripting language that can be used as an embedded language in Java programs. This presumably allows it to evade some methods of static analysis detection, and also allows it to be remotely updatable.
Who Is Affected?
SimpleTemai primarily affects Chinese Android app stores and has not been found in any major app stores such as Google Play. In addition, detections of SimpleTemai within Lookout’s Mobile Threat Network have been relatively low.
How to Stay Safe
Lookout Free and Premium users are automatically protected. Here are two tips to keep your phone safe from malware such as SimpleTemai:
- Only download apps from reputable app stores and check that the developer is credible before downloading.
- Download a mobile security app for your phone, like Lookout, that scans for malware.
Looking for more information on mobile threats like SimpleTemai? Check out Lookout’s Top Threats resource.
September 11, 2012
At Lookout, we believe that mobile phones will be the nexus for everything. We already rely on our phones for so much in our daily lives, and we think smartphones will become our digital wallets as well. Major companies are now supporting and investing in mobile payments, including Starbucks, Visa, Wal-Mart, Best Buy, CVS and even the London Olympics.
Even with all the mobile payment buzz in the air, the U.S. Federal Reserve found that only 21% of mobile phone users have used banking apps in the past year. The lack of consumer confidence might be due to perceived security issues or unfamiliarity with the technology. But a little bit of information and a few tips should help people to embrace the phwallet. (That’s phone + wallet. That’s not a thing yet? You sure?)
First off, there’s no one standard mobile technology or app for paying for your latte or gossip magazine, which may also be why mobile payments are not ubiquitous… yet.
September 6, 2012
Turns out American consumers are concerned about their mobile privacy. Today Pew Internet & American Life Project released a survey that shows just how concerned individuals are: six in 10 mobile phone users said they have decided against downloading certain apps over privacy concerns. And in many cases, they uninstalled apps that collected too much personal information about them. Users made those decisions when they learned how much personal information they would share by using the apps. Not only are people worried about mobile privacy, Pew found that approximately 30% of Americans have experienced a lost or stolen phone!
Nothing bums us out more at Lookout than when people stop using their phones to their full potential due to confusion or concern. We want people to feel empowered when using their smartphones and tablets!
In our 2012 State of Mobile Security report, Lookout found mobile privacy to be a growing issue for individuals. Our research shows that aggressive ad networks that could invade privacy have been downloaded more than 80M times.
But you don’t have to give into privacy concerns. Our app helps you protect your privacy and find your lost phone so you don’t have to worry about prying eyes. Here are more tips for what you can do to take back control of your mobile privacy:
September 6, 2012
Released today, Lookout’s 2012 State of Mobile Security 2012 report goes beyond threat count and looks at the big picture issues that are affecting individuals’ mobile safety and security. We all appreciate numbers and a great graph (don’t worry, we’ve got plenty of charts), but it’s also critical to understand the context around how, where and when mobile threats arise. To that end, we spent a lot of time crafting super easy-to-follow infographics and background so that when you finish reading the report you can confidently hold a cocktail conversation about spyware versus SMS fraud in 2012.
The big business of malware (i.e. how the bad guys are turning a dime into a million) is a major focus in State of Mobile Security 2012. We explore how the industry is operating and growing through new malware distribution channels and unique packaging techniques, and we identify the kingpin malware family.
The report shares real-world implications for the average Joe, including how an individual’s behavior and geography affects their likelihood of encountering a threat. The highlights:
September 5, 2012
Our August Meetup last week on mobile security and privacy turned out great. More than twenty developers and security pros showed up to see Lookout’s Tim Strazzere show how to slow down and demotivate people who might try to reverse engineer or pirate applications. Based in part on his recent research presented at Blackhat 2012, Tim gave attendees a ton of insider technical knowledge about how app developers can try to protect their apps from hackers, crackers, and pirates. Beyond the technical, he also explained the motivations of these hackers and when it makes sense to spend time obfuscating your app and when it doesn’t. After the talk, attendees got a chance to discuss the topic and how it affects their own apps with Tim and the rest of the Lookout security team.
We have a recording of the talk on YouTube (it’s poor quality, be warned) and and you can get a link to the slides file from the August Mobile Security Meetup page.
Keep an eye out for our next Meetup in September. We’ll be announcing the topic soon on the Mobile Privacy SF Meetup page. Of course there will also be delicious snacks, drinks, and cool swag. We’ll have better quality recording and we might even stream the event for interested attendees that can’t make it in person. Please also send suggestions on any topics you’d like to hear about via our Meetup page. We hope you’ll join our growing community!