February 16, 2017

5 non-negotiable principles to combat cyber war on mobile

Cyber war is a term the U.S. government is intimately familiar with, but woefully unprepared for when it comes to mobile.

Government employee mobile devices are a relatively new attack surface, and a particularly valuable one for espionage missions and other criminal intent. Mobile devices access confidential, classified, and other protected data classes. At this point, that’s just a fact. Both CSIS and the Presidential Cyber Commission acknowledge that mobile is no longer a fringe technology, but a central instrument that allows employees to get their jobs done.

Protecting data on mobile is non-negotiable and the responsibility of federal technology and security leaders across the entire government.

There are five principles any federal agency or organization must use to build a mobile security strategy. To forego such a strategy directly puts sensitive government data at risk.

November 21, 2016

Fake apps, identity theft, and 7 tips to keep your data safe this holiday shopping season

If the twinkle lights on trees and the familiar tunes of carols emanating from coworkers’ earbuds haven’t given it away already: we’ve officially entered holiday shopping season.

This means you may be likely to use your mobile device to purchase presents for your family and friends. It’s more important than ever to be vigilant while making purchases on your mobile device in order to avoid mobile scams.

IBM noted the rise in mobile shopping on Black Friday 2015, saying, “Mobile shopping habits shifted noticeably … marking the first time smartphones generated more sales than tablets, mainly by stealing device share from desktops.”

While people are seeing the benefits of mobile shopping — ease of price comparisons in-store, convenience to shop anywhere anytime — opportunistic criminals are seeing potential benefits, as well.

October 28, 2016

A new look for Lookout, designed by you

To the people whose data, devices, and digital lives we protect every day:

Lookout has just released a brand new design for the Lookout app for Android, all based on your feedback.

We recently completed a comprehensive customer-insights initiative with you, our users. In it, we learned that you need:

  • Strong protection from the real threats to your devices and data
  • Timely and easy-to-understand information about active threats
  • Peace of mind that your mobile security app protects you automatically
  • Knowledge and education that empowers you

“The goal of this redesign was to empower users with clear, straightforward, and actionable information about their device and data, all the while providing them peace of mind knowing that Lookout is always watching out for them.” – Sachin Kansal, vice president of consumer product, Lookout

October 25, 2016

Holistic mobile security means protection from threats, data leakage, and your own applications

Securing mobile devices and the data they access is a huge challenge. This is because of three key technology trends happening today:

1) Mobile apps have become the primary way that data is accessed and stored. Mobile apps account for over half of internet use, according to a 2016 study from Andreessen Horowitz. Enterprises, however, rarely know what apps are being used on an employee’s mobile device and whether that app is collecting sensitive information.

2) Individual employees have tremendous control over their mobile environment. They have freedom to choose whatever apps they would like to use to get their work done. This isn’t inherently a bad thing — every company wants productive employees — but it can inadvertently put corporate data at risk if an employee chooses the wrong app.

3) Mobile app creators range from Forbes 500 companies to a few guys in a garage. The problem is, app developers of any size do not know your company’s specific data protection sensitivities, government compliance regulations, industry standards, or data sovereignty laws. The apps are not always built to meet these sensitivities and may leak corporate data despite being otherwise “benign.”

Mobile apps introduce a new layer of complexity to an enterprise’s security strategy as IT now has to protect against everything from malicious apps to risky app behaviors.

October 4, 2016

Microsoft and Lookout: Securing all your endpoints begins today

Today, we are excited to announce that the Lookout Mobile Endpoint Security integration with Microsoft Enterprise Mobility + Security (EMS) is now generally available.

This means that while enterprise employees more seriously consider mobile devices to be an invaluable tool in their everyday working lives, enterprise IT teams don’t have to struggle to secure the rapidly increasing number of endpoints on their networks.

September 2, 2016

Update: Lookout re-airing on 60 Minutes

Updated 9/2/2016: The segment will re-air on 9/4/2016. Interested in getting more in-depth information on our attack demonstrations? Read about how we did the Wi-Fi attack here and the mobile malware attack here.

Tonight, 60 Minutes featured Lookout co-founder John Hering and a number of other well-known and respected security researchers demonstrating mobile attacks.

September 2, 2016

MDM solutions don’t deliver sufficient protection against Pegasus

Since Lookout first announced our discovery of the Pegasus attack and Trident vulnerabilities in partnership with Citizen Lab, we’ve received many clarifying questions from security professionals. In this series we’re answering the top queries we’ve received to help you better understand the facts around this unprecedented mobile threat.

Today’s question: Why can’t my MDM protect my organization from Pegasus?

A Mobile Device Management (MDM) solution is not by itself a sufficient protection against advanced, targeted threats like the Pegasus spyware.

No existing jailbreak detection technology would have caught this threat before Lookout and Citizen Lab uncovered the techniques. This is because MDMs can only detect known jailbreak techniques and Pegasus used advanced exploits of previously unknown (zero-day) vulnerabilities to jailbreak the device.

Now that these advanced techniques are publicly known, we have not observed any MDM technology that is currently able to detect them.

September 2, 2016

Encryption and VPNs alone do not protect you from Pegasus/Trident

Since Lookout first announced our discovery of the Pegasus attack and Trident vulnerabilities in partnership with Citizen Lab, we’ve received many clarifying questions from security professionals. In this series we’re answering the top queries we’ve received to help you better understand the facts around this unprecedented mobile threat.

Today’s question: Why can’t encryption or VPNs stop this threat?

Encryption and VPNs are excellent tools that protect sensitive data in most situations. Given the extreme sophistication of the Pegasus attack, however, these tools won’t actually protect data in this scenario.

August 30, 2016

Congressman urges “congressional hearing” after Trident iOS vulnerability discovery

“I am pleased that Apple was able to quickly address this security breach, but it is clear that Congress must do more to address the issues of mobile security. I believe a congressional hearing is in order and plan to work with my colleagues to examine these critical security concerns.”
-Congressman Ted W. Lieu (D, Los Angeles County)

After news of the Trident vulnerabilities broke, Congressman Ted Lieu issued a statement urging the U.S. government to pay closer attention to mobile security.

Congressman Lieu’s comments follow a trend of individuals and agencies calling for attention to mobile security. The White House Digital Government Strategy, the DoD Mobile Device Strategy, and NIST’s Mobile Device Security for Enterprises Building Block document urge agencies to adopt and secure mobile technology to improve service and enhance effectiveness.

August 25, 2016

3 things CISOs need to know about the Trident iOS vulnerabilities

Earlier today, Lookout and Citizen Lab published findings about a sophisticated, targeted, and persistent mobile attack on iOS using three zero-day vulnerabilities we call “Trident.” The attack allows an adversary to silently jailbreak an iOS device and stealthily spy on victims, collecting information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, FaceTime, Line, Mail.Ru, and others.

This discovery is further proof that mobile platforms are fertile ground for gathering sensitive information from target victims, and well-resourced threat actors are regularly exploiting that mobile environment.

Read Lookout’s report here.