February 27, 2013
Lookout is in its element this week at Mobile World Congress, the biggest mobile event of the year where mobile geeks from around the world converge in Barcelona, Spain. Here we get to work together with other companies and visionaries who also believe that mobile is intrinsic to people’s everyday lives.
So how was the event? What’s new and cool, you ask. Here are a few takeaways from the team at Lookout:
- Mobile is everyday and everywhere. Spotify is integrated into your Ford car, low-price Nokia phones are extremely affordable, your bicycle is not just mobile…it’s also eh mobile-connected. Everything is connecting to the cloud, with mobile as the command center.
- It seems like a lot of the OEMs are more focused on enterprise. Whether it’s Samsung Knox, the HTC booth or Eriksson, I saw a lot more consumerization of enterprise devices out there. It starts with the consumer and trickles up to enterprise.
- Cooperation is key. We see this across the board—EE, Deutsche Telekom, Dropbox and Spotify all reinforced the need for partnership. Focus on your core capabilities. Know where you’re expert. At the same time, partnerships help you take advantage of all the new and exciting applications out there or greater reach.
- Almost everyone I speak with—be it a reporter, a friend, mobile carrier or handset maker—notices how things that were never smart before are becoming smart. Things that weren’t connected are now digitized and helping to usher this shift.”
Image courtesy Andrea Teggart
February 18, 2013
We’re proud to share that our product was recognized by AV-TEST as a top mobile security product. It is a testament to our approach of using data and advanced automated analysis to detect and block malware before it spreads. This offers comprehensive detection and equally important, protects people with the speed and efficiency that the traditional AV industry has lacked.
We hold ourselves and products to the highest standard, and we encourage the security industry to constantly raise the bar. The fact is, emerging technologies are a challenge to test and benchmark, and it takes time to build a sound methodology that is an accurate measure of the real-world threat environment. While AV-TEST is making great headway to this effect, we seek to elevate the current testing methodology to include additional standards that we hold ourselves to:
- Prevalence: Mobile security testing companies do not have direct visibility into the threats in the wild and therefore it is difficult for them to devise assessments that reflect the real-world threat space. Some samples in the AV-TEST corpus are aging and not representative of threats affecting people today. AV-TEST has made headway on this, but the most accurate test would be one that gives more weight to threats that are affecting consumers in real-time, and those that are the most severe.
- Severity: All threats are not created equal. Accurate threat detection differentiates the nature and severity of a threat and relays that knowledge to a user. Toll fraud is different in severity from an aggressive ad network. The most accurate test would understand and test for that distinction. Calling out a genuinely malicious app only for its inclusion of adware does little to educate the user on the true severity of the threat.
- False Positives: What a security app doesn’t detect is just as important as what it does. Trawling may be the best way to net a huge catch of fish, but its a shame if it snags a dolphin. Similarly, a mobile security app that identifies everything would come up with many false positives and alarm the user. Under the current test, a mobile security app is only tested for false positives against the top apps on Google Play, not apps that are close to malware. A successful false positive test would seek out the correct balance of detection and editing that protects the end user.
- Speed: The newest malware is the most potentially harmful to users. The most accurate test would assess the ability to detect the new malware and protect users as early as possible. We recognize the difficulty of designing this test, but feel that it is particularly important for users.
We will continue to hold our own work to the highest standards and we look forward to working with AV-TEST to ensure that their methodology provides a relevant and accurate measure of the real-world threat environment.
February 11, 2013
It’s 2013, and we’re doing more activities online than ever before. Whether you’re shopping, online banking, or Tweeting, it’s a privilege to live in this cyber reality. With privilege, though, comes great responsibility. Being safe on the web means following best practices and staying up to date on the latest vulnerabilities. Reading these 5 insightful articles won’t leave every cybersecurity stone unturned, but it’s a solid start:
As always, Lookout has all your devices and cybersecurity questions covered. Please feel free to reach out to us!
February 7, 2013
CleanedOut is a Trojan recently discovered to be distributed on Google Play that allows an attacker to remotely control a user’s Android phone. It will also attempt to automatically install a piece of PC malware if connected to a Windows computer. All Lookout users are protected against this family of malware, and it appears that the distribution is low.
This piece of malware was originally discovered by Kaspersky on Google Play. It poses as a device accelerator but has minimal functionality for its stated purpose.
When launched, the app connects to a remote C&C server and reports the user’s phone number, subscriber ID, device ID, location, and contents of SMS messages. It also has the capability, at the attacker’s request, to exert broad control over a user’s device. This includes installing software on demand to the user’s device, sending SMS messages, stealing passwords for popular services like Gmail and Dropbox, and arbitrarily uploading any files on the device to a remote location. While the malware has many capabilities, it does not appear to be actively used by the attacker at the moment for anything other than stealing images from devices.
The application will also drop an autorun.inf file inside the root directory of the SD card, which will automatically install a piece of Windows malware if the phone is connected to a pre-Windows 7 computer. It will not be executed on modern versions of Windows because the security hole used has been fixed.
According to our detections, there is an extremely low number of infections indicating a very low prevalence of the threat.
How to Stay Safe
Lookout Free and Premium users are automatically protected. Here are two tips to keep your phone safe from malware:
- Only download apps from reputable app stores and check that the developer is credible before downloading.
- Download a mobile security app for your phone, like Lookout, that scans for malware.
 Kaspersky has written extensively about the PC component of this malware.
Looking for more information on mobile threats like Cleaned Out? Check out Lookout’s Top Threats resource.
February 4, 2013
Today, Lookout was announced as a finalist for the GSMA’s annual Global Mobile Award for the category of Best Mobile Safeguard & Security Products and Services. If you’re not familiar, the GSMA is the who’s who of the mobile industry—an organization that spans more than 220 countries and unites 800 of the world’s mobile operators with the companies in the broader mobile operating system, including app developers, software and manufacturers. This award echoes the importance and need for mobile security, with an entire category dedicated to it.
Winners will be announced from the annual GSMA Mobile World Congress event in Barcelona, Spain during the last week of February. Beyond hearing the outcome of the awards, we’re really looking forward to the event. It’s always an excellent opportunity to meet up with the many mobile operators we work with, scope out the newest innovations and connect with mobile folks about the future of the industry.
Congratulations to the Lookout team and to the many other mobile stars nominated for the annual awards!