February 27, 2013

Mobile World Congress: A World Connected by Mobile

Lookout is in its element this week at Mobile World Congress, the biggest mobile event of the year where mobile geeks from around the world converge in Barcelona, Spain. Here we get to work together with other companies and visionaries who also believe that mobile is intrinsic to people’s everyday lives.

Screen Shot 2013-02-27 at 2.28.26 PM

So how was the event? What’s new and cool, you ask. Here are a few takeaways from the team at Lookout:

  • Mobile is everyday and everywhere. Spotify is integrated into your Ford car, low-price Nokia phones are extremely affordable, your bicycle is not just mobile…it’s also eh mobile-connected.  Everything is connecting to the cloud, with mobile as the command center.
  • It seems like a lot of the OEMs are more focused on enterprise. Whether it’s Samsung Knox, the HTC booth or Eriksson, I saw a lot more consumerization of enterprise devices out there. It starts with the consumer and trickles up to enterprise.
  • Cooperation is key. We see this across the board—EE, Deutsche Telekom, Dropbox and Spotify all reinforced the need for partnership. Focus on your core capabilities. Know where you’re expert. At the same time, partnerships help you take advantage of all the new and exciting applications out there or greater reach.
  • Almost everyone I speak with—be it a reporter, a friend, mobile carrier or handset maker—notices how things that were never smart before are becoming smart. Things that weren’t connected are now digitized and helping to usher this shift.”

Image courtesy Andrea Teggart

Category:   Lookout News
February 18, 2013

Raising the Bar: AV-Testing

We’re proud to share that our product was recognized by AV-TEST as a top mobile security product. It is a testament to our approach of using data and advanced automated analysis to detect and block malware before it spreads. This offers comprehensive detection and equally important, protects people with the speed and efficiency that the traditional AV industry has lacked.

We hold ourselves and products to the highest standard, and we encourage the security industry to constantly raise the bar. The fact is, emerging technologies are a challenge to test and benchmark, and it takes time to build a sound methodology that is an accurate measure of the real-world threat environment. While AV-TEST is making great headway to this effect, we seek to elevate the current testing methodology to include additional standards that we hold ourselves to:

  • Prevalence: Mobile security testing companies do not have direct visibility into the threats in the wild and therefore it is difficult for them to devise assessments that reflect the real-world threat space. Some samples in the AV-TEST corpus are aging and not representative of threats affecting people today. AV-TEST has made headway on this, but the most accurate test would be one that gives more weight to threats that are affecting consumers in real-time, and those that are the most severe.
  • Severity: All threats are not created equal. Accurate threat detection differentiates the nature and severity of a threat and relays that knowledge to a user. Toll fraud is different in severity from an aggressive ad network. The most accurate test would understand and test for that distinction. Calling out a genuinely malicious app only for its inclusion of adware does little to educate the user on the true severity of the threat.
  • False Positives: What a security app doesn’t detect is just as important as what it does. Trawling may be the best way to net a huge catch of fish, but its a shame if it snags a dolphin. Similarly, a mobile security app that identifies everything would come up with many false positives and alarm the user. Under the current test, a mobile security app is only tested for false positives against the top apps on Google Play, not apps that are close to malware. A successful false positive test would seek out the correct balance of detection and editing that protects the end user.
  • Speed: The newest malware is the most potentially harmful to users. The most accurate test would assess the ability to detect the new malware and protect users as early as possible. We recognize the difficulty of designing this test, but feel that it is particularly important for users.

We will continue to hold our own work to the highest standards and we look forward to working with AV-TEST to ensure that their methodology provides a relevant and accurate measure of the real-world threat environment.

Category:   Android  •  Lookout News  •  malware  •  Security
February 11, 2013

5 Cybersecurity Articles To Read

It’s 2013, and we’re doing more activities online than ever before. Whether you’re shopping, online banking, or Tweeting, it’s a privilege to live in this cyber reality. With privilege, though, comes great responsibility. Being safe on the web means following best practices and staying up to date on the latest vulnerabilities. Reading these 5 insightful articles won’t leave every cybersecurity stone unturned, but it’s a solid start:

As always, Lookout has all your devices and cybersecurity questions covered. Please feel free to reach out to us!

Category:   Featured  •  Security
February 7, 2013

Security Alert: CleanedOut

Summary

CleanedOut is a Trojan recently discovered to be distributed on Google Play that allows an attacker to remotely control a user’s Android phone. It will also attempt to automatically install a piece of PC malware if connected to a Windows computer. All Lookout users are protected against this family of malware, and it appears that the distribution is low.

cleaned out

The Details

This piece of malware was originally discovered by Kaspersky on Google Play[1]. It poses as a device accelerator but has minimal functionality for its stated purpose.

When launched, the app connects to a remote C&C server and reports the user’s phone number, subscriber ID, device ID, location, and contents of SMS messages. It also has the capability, at the attacker’s request, to exert broad control over a user’s device. This includes installing software on demand to the user’s device, sending SMS messages, stealing passwords for popular services like Gmail and Dropbox, and arbitrarily uploading any files on the device to a remote location. While the malware has many capabilities, it does not appear to be actively used by the attacker at the moment for anything other than stealing images from devices.

The application will also drop an autorun.inf file inside the root directory of the SD card, which will automatically install a piece of Windows malware if the phone is connected to a pre-Windows 7 computer. It will not be executed on modern versions of Windows because the security hole used has been fixed.

Estimated Impact
According to our detections, there is an extremely low number of infections indicating a very low prevalence of the threat.

How to Stay Safe

Lookout Free and Premium users are automatically protected. Here are two tips to keep your phone safe from malware:

  • Only download apps from reputable app stores and check that the developer is credible before downloading.
  • Download a mobile security app for your phone, like Lookout, that scans for malware.

[1] Kaspersky has written extensively about the PC component of this malware.

Looking for more information on mobile threats like Cleaned Out? Check out Lookout’s Top Threats resource.

Category:   Alerts  •  Android  •  Attacks  •  Featured  •  malware
February 4, 2013

Lookout a finalist for Global Mobile Award

Today, Lookout was announced as a finalist for the GSMA’s annual Global Mobile Award for the category of Best Mobile Safeguard & Security Products and Services. If you’re not familiar, the GSMA is the who’s who of the mobile industry—an organization that spans more than 220 countries and unites 800 of the world’s mobile operators with the companies in the broader mobile operating system, including app developers, software and manufacturers. This award echoes the importance and need for mobile security, with an entire category dedicated to it.

Winners will be announced from the annual GSMA Mobile World Congress event in Barcelona, Spain during the last week of February. Beyond hearing the outcome of the awards, we’re really looking forward to the event. It’s always an excellent opportunity to meet up with the many mobile operators we work with, scope out the newest innovations and connect with mobile folks about the future of the industry.

Congratulations to the Lookout team and to the many other mobile stars nominated for the annual awards!

Category:   Lookout News