December 23, 2013

Update: Beware Geeks Bearing Gifts – How the Latest iPhone Jailbreak is Actually a Trojan

A new iOS 7 Jailbreak was released this week by the team known as Evad3rs and it’s considerably one of the most talked about releases. Considering that the last jailbreak took nearly 6 months* to develop, something that immensely frustrated many wannabe jailbreakers, it’s not surprising that this pre-Christmas gift caught everyone’s attention.

However, this latest release from the Evad3rs jailbreaking team is a significant departure from their usual jailbreaks. Unlike any of its predecessors, Evasi0n for iOS 7 includes hidden code from a third-party Chinese vendor. Furthermore, that code has been heavily obfuscated in order to resist analysis and tampering.

Read on for our initial analysis of this jailbreak and why we consider it to be be a risky proposition.

evaders

Category:   Alerts
December 19, 2013

Security Alert: Shoot the Bulk Messenger

Executive Summary

With texting the national pastime, text messages are cheap and unlimited plans abound. But what can you do with all of the unused text messages left over from your plan? We’ve uncovered a rascally bulk SMS network, Bazuc, that lures in Android users by promising a ‘free money’ payout if a user allows the network to access their unused SMS messages. The app Bazuc was available in the Google Play Store and downloaded between 10,000 to 50,000 times, but this is likely the tip of the iceberg. The author claims to register 100 downloads of the app per hour, indicating that there may be plenty more third-party store downloads.

Free money is never free though, is it? Once you’ve downloaded the app, Bazuc can be used to send virtually untraceable SMS messages in bulk, which look like they came from your phone. In fact, they did come from your phone. The authors of Bazuc are charging companies to have users send out these cheap SMS messages on their behalf, helping the companies bypass spam detection and automated anti-fraud systems. This operation is putting personally identifiable information at risk, exposing targeted users to phone calls and SMSs from unknown people, and swindling operators out of money.

With so much at risk, Lookout investigated the SMS network and found a coterie of players wittingly and unwittingly involved in the ploy. These include bulk messaging providers, phishers, foreign spammers, American and African banks and smartphone owners. Read more as we dissect Bazuc, its authors, operations, the monetization strategy and the end game. We are rolling out protection to Lookout users as we speak.

What is Bazuc?

Bazuc is a pair of applications: “Bazuc Earn Money” and “Bazuc Free International SMS.” On the face of it, the “Bazuc Earn Money” app offers people an interesting proposition: the chance to sell the surplus of SMS messages that remain in their monthly quota after they have used their normal monthly amount. The “Bazuc Free International SMS” app uses the SMS allowance purchased by “Bazuc Earn Money” to enable users to send free SMS messages internationally.

At least that’s what the Bazuc Earn Money website suggests.

bazuc0

“Bazuc earn money” offers users $0.001 per message, and while the math won’t make you rich, many people will see this as “free money.”  Bazuc’s FAQ section suggests that you could earn $30. (But that means a person would need to send 30,000 messages from their phone a month.)

“We will pay you $0.001 per SMS that is sent through your phone, so you can earn up to $30 monthly for doing absolutely nothing but installing “Bazuc Earn Money on your Android phone.”

Free messages in bundle: 5,000

Normal monthly SMS usage: 2,000

“Surplus” messages to sell: 3,000

Likely potential monthly earnings 3,000 x $0.001 = $3.00

bazuc1

Category:   Alerts
December 17, 2013

What to do with your old phone

How to Breakup with an Old Phone and Stay Friends

If you’re expecting to receive a new phone this holiday season, you’ll need to figure out how you are going to let your old phone down gently. That means saving your data, clearing out your old phone to protect your privacy and recycling or re-selling your old phone. Here is the play-by-play of how to breakup with your old phone and stay friends.

#1: Save Your Data. You likely have lots of memories stored on your phone and there are several options available to save your pictures, contacts, videos and other important data. For Android, Lookout Premium (14 day free trial – £2.49 per month/£24.99 per year) backs up photos and contacts and can restore data to a new device. iPhone owners can use iCloud to back up and store important data.

#2: Wipe Your Phone. It’s important to remove data off of the phone before re-selling, donating or recycling. For Android, Lookout Premium can wipe personal information, restoring the phone to its original settings. For other device types, do a Google search on how to factory reset. Factory resetting will restore an old phone to its original state, erasing apps, photos, contacts, call logs and more.

#3: Remove the SIM Card. If the phone has a SIM card, remove it to ensure that your information cannot be passed on to a potential future owner.

#4: Resell or Recycle. Once your personal data is removed, don’t throw it away! There are many organizations that can help you recycle or resell your device easily and online such as Mazumamobile, Envirofone, or Fonebank. For those who are in the UK, check out GeekSquad.  Most mobile phone operators also have recycle schemes and take unwanted phones of any type or carrier and credit owners the buyback value. Check with your mobile operator.

Once you’ve closed that chapter of your life, find out how to setup your new phone and make the most of it here.

Category:   Hidden
December 17, 2013

How to set up a new phone

You’ve spent months daydreaming about getting a new phone — constantly distracted by the slightest mention of its huge screen, slim body, sophisticated camera, even those bezels. But chances are you never thought past that step. Now that you have your new device, how are you going to make the magic last? Follow these steps to get the most out of your new phone:

Set a password

The best way to make sure your new phone stays your new phone is to set a passcode. Whether you’re worried about someone swiping your device while you’re hitting the shops to return that terrible holiday sweater or just want to keep snooping in-laws away, the several seconds it takes to improve your security settings is worth the effort. Choosing a random alphanumeric phrase you’ll remember is your best bet for security, but even a pin code is better than nothing.

Well in that case…

Speaking of protection, your new phone is so shiny and beautiful, it’d be a shame is something just came along and broke the screen. Sure you can go around making jokes about your new “shattered glass” app, or you can get a case before it’s too late. You can find a huge variety of great cases for Android and iPhone at Mobilefun, customize your own online at Likemycase, or opt for the indestructible from OtterBox.

Pimp it out

Even the most novice users can scroll through settings to change wallpaper photos, system fonts and ringtones. Most Android phones come with a variety of widgets that you can use to personalize your home screen, and you can always download more from Google Play. Feeling more adventurous? You can download an app launcher like Launcher Pro or Smart Launcher to give your interface a complete makeover.

Set up those performance enhancers

No, we’re not talking about steroids, but the settings you choose can have a huge impact on how your phone performs. Changing your screen brightness and turning off features like GPS, Wifi and Bluetooth when you’re not using them can make your battery last longer, giving you more quality time to crush candy.

Invite your contacts to the party

With all of the great apps out there, it can be easy to forget that your phone is also pretty good at keeping in touch with people. Transfer the contacts in your address book from your old phone right away so you’ll be able to hit the ground running with all of the calling and texting your friends can handle.

Get the right apps

At this point, your phone can be a functional everything machine — as long as you have the right apps, that is. Shop around the Play Store or App Store for the latest and greatest, but be sure to pay attention to app ratings to make sure you know exactly what you’re downloading. Here are a few of our favorites:

Evernote

From to-do lists to memorable quotes to flashes of genius, we have a lot to write down. If the idea of carrying around a notebook seems sooo middle school, get Evernote to keep all of your notes organized. The best part? Evernote has cross-platform functionality, so you can jot down something from your computer and then check it later on your phone.

Google Maps

You know that feeling when you end up in the strange part of town and have no idea where to go or how to get there? Neither do we. Make sure you have a reliable map app and you’ll never have to worry about wandering alone.

Pandora

Do you ever wish your life was set to your favorite playlist? It pretty much is when you can take an endless supply of music with you on the go. Choose a station by song, artist or genre and you’ll be rocking out in no time.

Instagram

Remember how excited you were when you realized your first flip phone could snap an almost-distinguishable image? We’ve come a long way from the days of those blurry photos, and now your phone can take video, too. If you must take pictures of your lunch, make sure your camera is performing in style with the filters that make Instagram so iconic.

Download Lookout

We can see you’re already getting pretty attached to this new phone of yours, so there’s no better time to download Lookout to protect your phone from theft and malware. Download it now and you’ll be able to backup your data and track your phone’s location on a Google map if it goes missing.

Category:   Hidden
December 17, 2013

Download Lookout to your new phone

With a new Kindle Fire on the market alongside a lineup of tablets like the iPad Air, there’s a good chance you added a new device to your collection this holiday season. Did you know you can manage up to two devices from your free Lookout account, and up to three devices from your premium account? For those of you keeping track at home, that means you can keep tabs on your smartphone, tablet, and Kindle conveniently from one place. Follow these steps to make sure all of your devices are secured with Lookout from day one:

  1. Download Lookout from Google Play, the Apple App Store, or the Amazon Appstore for Kindle.
  2. Open the Lookout app and set up an account by entering your email address and choosing a password. If you already have a Lookout account, click on “Already have an account? Log in here” and log in.
  3. Open Lookout’s Settings and enable Signal Flare and malware scans to take advantage of features to keep your phone safe from mobile threats.
  4. Log into your account to locate your device or access backed up data.
Category:   Hidden
December 10, 2013

Celebrating Tech Heroes

At Lookout, we hear a lot of stories from the people who use our technology. How you found your lost phone in the snow, saved pictures from your camping trip, or captured a picture of your kids with Lock Cam. The funny thing about all these stories is that they almost always involve a kind stranger who spent the afternoon digging holes in the snow, a helpful police officer who went the extra mile to get your phone back or a cute child learning to use your new tablet. Technology is only as powerful as the people who use it, so we hope you’ll join us in celebrating our Tech Heroes this year— the people we rely on to set up, fix, and use our technology better than you ever thought possible.  We found that 1 in three people have a Tech Hero, and 75% of those people would seek out their advice when buying a new smartphone or tablet device.

To celebrate, we’re holding a contest to recognize the Tech Heroes who come to our rescue. From Tuesday, December 10 to Monday, January 6 we’ll be giving away prizes every week like smartwatches, tablets and smart TVs. To enter, simply visit our Facebook app at and nominate your Tech Hero. You and your Tech Hero will be automatically entered every week to win. In addition, we’re awarding a Grand Prize winner decided on votes by the Lookout community. Encourage your friends and family to vote on your Tech Hero; the eligible person with the most votes on January 6 will win $1,000 each for both themselves and the person who nominated them. Even if you don’t participate, we hope you’ll go to the contest and vote for the person you believe deserves to win! You can find the Official Rules here.

Category:   #Data  •  Lookout News
December 10, 2013

In Tech Heroes We Trust

After hearing from our customers over and over that they often rely on friends and family to save the day on mobile technology, we ran a national survey with Harris Interactive to investigate this trend. It turns out that we rely on others quite a bit to make technology connections happen. Sixty-three percent of people struggle to keep up with the latest mobile tech and 1 in 3 depend on tech savvy friends and family—we like to call them Tech Heroes—for a bit of help.

Below are some of the interesting things we learned about these rare birds, unicorns and diamonds in the rough we’ve come to depend on.

Anyone can be a Tech Hero: your friend who gives you the best app recommendations, the IT admin who rescued your pictures from a lost phone, even your kid who helps you locate the power button. While common belief suggests that tech experts are typically among younger age groups, 37% of Americans say their Tech Heroes are between ages 31-45, while 33% say they are between 21-30. Truth is, Tech Heroes come in all ages and can be found nationwide.

Tech Heroes come to our aid in a number of ways. Whether it’s helping to set up a new phone, troubleshooting a new device or downloading the latest apps, we rely on Tech Heroes to show us the ropes.

This holiday season, 45 million new smartphones are expected to hit shelves and mobile devices will top holiday wishlists. With the many new devices hitting shelves it can be difficult for people to decide on the perfect smartphone or tablet to meet the needs of their mobile lives. We learned that Tech Heroes have a large amount of influence over mobile commerce.

Interested in celebrating the Tech Hero in your life this holiday season? Nominate your Tech Hero (you can also nominate yourself) here. For those who are setting up their new phones this holiday season and don’t have a Tech Hero offhand, we’ve developed a Tech Hero Handbook with everything you need to know to set up a new phone, fix a cracked screen, or conserve your battery life.

Category:   #Data  •  Featured
December 9, 2013

MouaBad.P : Pocket Dialing For Profit

Over the past few months the Lookout security team has taken a closer look at a malware family we’ve labeled Mouabad, which gives third-parties control over user devices and enables malicious parties to defraud victims via premium rate SMS billing.

Recently, the team identified a new and particularly interesting variant of Mouabad, which we’ve dubbed MouaBad.p. For the first time (as far as Lookout has seen), remote attackers can now make phone calls (possibly to premium-rate numbers) without user intervention. This represents a significant jump in functionality compared to more common premium-rate fraud that relies on SMS functionality.

In addition to never-before-seen functionality, Mouabad.p is particularly sneaky and effective in its aim to avoid detection. For example, it waits to make its calls until a period of time after the screen turns off and the lock screen activates. Mouabad.p also end the calls it makes as soon as a user interacts with their device (e.g. unlocks it). However, this malware variant does not appear to have the ability to modify call logs so a discerning victim could uncover Mouabad.p’s dialing activity by checking their call histories. Like all members of the Mouabad family, Mouabad.p also allows remote attackers to send SMS messages and control various settings related to premium SMS billing.

Who Is Likely to Be Affected

The good news is that the risk of infection is low. Mouabad.p only works on Android versions older than 3.1 since apps won’t start from intents (like “user_present”) in later Android versions and Mouabad.p does not have a launcher shortcut. Lookout detection volumes of Mouabad.p are low and restricted primarily to Chinese-speaking regions. Since premium-rate SMS and telephone calls rely on country specific phone numbers Mouabad.p will not function outside of targeted countries so there is no incentive for the attackers controlling it to allow it to spread outside these regions.

All Lookout users are protected from this threat.

What Makes Mouabad.p Noteworthy

In the world of mobile malware Mouabad.p is noteworthy because it can initiate a call without user intervention. In addition, MouaBad.p is specifically engineered to evade detection and deletion, concealing its background activities from users wherever possible and attempting to get privileged device access to make itself more difficult to remove. Mouabad.p and other trojans that can financially harm users and effectively hide themselves underscore the need for sophisticated mobile malware protection.

How It Works + Capabilities

To launch, MouaBad.p depends on hooks into the operating system (known as intents) that start the app each time the device boots and whenever the device unlocks. This enables the malware to function without a suspicious icon on the home screen that might otherwise alert the device owner to its presence – just one of several techniques employed by its authors to evade detection.

Mouabad.p is likely delivered via a “dropper” app that loads Mouabad.p in the background during its own installation process. Once installed and run, Mouabad.p begins to poll its configured C&C servers for commands, typically once every 8 hours.

MouaBad.p looks for the following commands from the C&C server:

  • Instructions to send SMS messages to a number defined in the command
  • Instructions to call a number defined in the command and schedule the call to be made at some interval in case the call gets disconnected
  • Instructions for the app to conceal any incoming SMS messages from a specific number or which contain a specific pattern of text in the message itself so that the response from a premium rate service can be hidden from the device owner
  • Instructions to authorize a specific SMS number to send commands to the app

The method Mouabad.p uses to make and end calls is unusual in that it uses reflection to access private methods in TelephonyManager to make and end calls (as opposed to the more common use of intents). The malware does not appear to have the ability to modify call history, leaving victims a rare opportunity to uncover malicious activity that is otherwise well concealed. The C&C server is currently down so the exact dialing targets are unknown, but targeting premium rate telephone numbers could offer the attackers an effective monetization strategy and would be a logical extension of the Mouabad family’s predilection for premium-rate fraud. In theory, this dialing functionality could also be used for other malicious purposes such as remotely spying on conversations within the vicinity of a device microphone, or simply running up a victim’s wireless bill.

How To Stay Safe

  • Only install apps from trusted stores
  • Make sure the Android system setting ‘Unknown sources’ is unchecked to prevent dropped or drive-by-download app installs
  • Download a mobile security app like Lookout’s app that protects against malware as a first line of defense
Category:   Android  •  malware  •  Security
December 4, 2013

Tech Hero Handbook: How to Breakup with an Old Phone and Stay Friends

If you’re expecting to receive a new phone this holiday season, you’ll need to figure out how you are going to let your old phone down gently. That means saving your data, clearing out your old phone to protect your privacy and recycling or re-selling your old phone. Here is the play-by-play of how to breakup with your old phone and stay friends.

  1. Save Your Data. You likely have lots of memories stored on your phone and there are several options available to save your pictures, contacts, videos and other important data. For Android, Lookout Premium (14 day free trial – $2.99 per month/$29.99 per year) backs up photos and contacts and can restore data to a new device. iPhone owners can use iCloud to back up and store important data.
  2. Wipe Your Phone. It’s important to remove data off of the phone before re-selling, donating or recycling. For Android, Lookout Premium can wipe personal information, restoring the phone to its original settings. For other device types, do a Google search on how to factory reset. Factory resetting will restore an old phone to its original state, erasing apps, photos, contacts, call logs and more.
  3. Ditch the SIM Card. If the phone has a SIM card, remove it to ensure that your information cannot be passed on to a potential future owner.
  4. Resell or Recycle. Once your personal data is removed, don’t throw it away! There are many organizations that can help you recycle or resell your device. Cell Phones for Soldiers collects unwanted mobile phones and provides troops abroad with free calling cards so they can connect with their families. You can also make some extra cash with online sites like Glyde or Gazelle who offer cash in exchange for mobile phones. The Sprint Buy Back Program takes unwanted phones of any type or carrier and credits owners the buyback value.

Once you’ve closed that chapter of your life, find out how to setup your new phone and make the most of it here.

Category:   Hidden  •  Mobile Tips + Tricks
December 4, 2013

Tech Hero Handbook: 7 Tips on Finding Your Phone With Lookout

Everyone needs a little help using technology, and we like to call those digital guardian angels our Tech Heroes. 1 in 3 people rely on their Tech Hero to get the most out of their technology. One of the best ways you can let Lookout be your Tech Hero is making sure you have the app on your phone just in case it ever gets lost or stolen. Losing your phone is the most common mobile threat you’ll face, which sucks when you think about how important your phone is to your daily life.

But with Lookout, you get a fighting chance to track down your AWOL phone or tablet. Here are seven tips for finding your phone or tablet with Lookout:

Category:   Hidden  •  Mobile Tips + Tricks