| Individuals July 27, 2017

July 27, 2017

New feature: Lookout Personal protects you from network attacks with Safe Wi-Fi

By Sibo Zhao

Lookout Safe Wi-Fi screenshots

Lookout is excited to announce Safe Wi-Fi, a new feature for Lookout Premium customers that keeps anyone with the app safe from network-based attacks.

You've heard it for years: connecting to unknown Wi-Fi networks may cause data loss. Every day you can find someone sending a message, replying to a work email, or uploading a picture to social media while sitting at a coffee shop. However, no one wants to use slow data speeds when there is a poor connection or get that end-of-month alert from their carrier saying, "You have no data left!" It makes sense, then, why people seek out, connect to, and send data over unfamiliar Wi-Fi networks, such as in a cafe or city-sponsored Wi-Fi, such as Link NYC.

Lookout Safe Wi-Fi AndroidKnowledge is power, however, and you need to know when that network connection is taking more than its giving. The Safe Wi-Fi feature alerts you when a network you join is risky or under attack to help protect your personal and financial data and is currently available for both iOS and Android devices.

What are network threats?

Attackers use a number of different avenues to steal data. One of the most well-known kind of attack is mobile malware, but criminals also use Internet connections, including Wi-Fi, to spy on their victims. This is often called a man-in-the-middle attack (MitM).

How does a MitM attack work?

A MitM attack is when a criminal intercepts communications between two systems (e.g., your phone and a website you're viewing). When a MitM attack happens over Wi-Fi, the attacker hijacks the Internet traffic, redirecting it to a malicious destination allowing the attacker to eavesdrop on the connection. It's a two step process: first, the attacker needs to access the network traffic and second, the attacker must find a way to view otherwise encrypted, or protected, data.

Lookout performed an example of this kind of attack on 60 Minutes in 2016. You can read more about how we "attacked" 60 Minutes host Sharyn Alfonsi, collecting information about her emails, the apps on her phone, communications coming to and from those apps, other messages, web traffic, and more. These kinds of attacks do happen in the wild, and they can cause serious problems if you encounter one.

How do attackers access and manipulate data?

There are a number of ways an attacker can gain access to network traffic, including:

  • Setting up a fake Wi-Fi access point
    • This lets an attacker trick someone into directly connecting to a malicious network the attacker controls.
  • Using a virtual private network (VPN) to drive traffic through the a malicious network
    • VPNs "tunnel" traffic, sending data in a private way over otherwise public networks. If an attacker tricks a victim into using a malicious VPN, she can control where the data ends up.
  • Implementing a proxy to redirect traffic in a malicious network path
    • A proxy is a server that sits on the Internet connection between a device and the server (e.g., a website or app) to which the person is trying to connect. If the attacker sets up a proxy on the network, she can access the data flowing from the device and route it to her malicious destination.
  • Address Resolution Protocol (ARP) spoofing to advertise an attacker's own hardware address in place of a gateway
    • This allows an attacker to connect her device (e.g., her laptop) to a victim's device's IP address and receive data intended to be sent to the victim's device.

Today data is typically encrypted, making it difficult for attackers to see the data they steal. There are tactics attackers use to decrypt the data or otherwise be able to view it, however. For example, web browsers use a number of different encryption standards to ensure data is secure in transit. When access to a strong version of encryption is not available, the browser may use a lesser form of encryption to attempt to secure the connection.

Lookout Safe Wi-Fi iOSWhat will Lookout do if I experience a MitM attack?

First, Lookout will alert you if your device connects to a dangerous Wi-Fi network, or if you are actively under attack.

Next, the app will provide you with clear, step-by-step instructions detailing how to disconnect from the network. Sometimes there are situations in which you are intentionally accessing a network Lookout flags. Lookout never wants to stand in the middle of what you're trying to accomplish, so we also provide the option to "trust" the network. For example, an IT administrator may set up a network that captures data flowing through it to ensure that accessed websites are safe to view in a work environment. An employee may want to allow their device to "trust" this network.

Lastly, you should follow the steps the Lookout app provides, as you see fit, to keep yourself and your data safe from prying eyes.

How do I protect myself?

If you already have Lookout Premium, you simply need to update to the latest version of the Lookout app to access Safe Wi-Fi. It will begin working immediately.

If you have Lookout, but don't have Premium yet, learn more about what features you can get when you upgrade.

If you don't have Lookout, download the app here.

Interested in learning more about what Lookout Personal offers? Check out our website.

Find out how you can secure your smartphones and tablets today

Request A Demo call_made

Free Trial call_made

Contact Sales call_made


Sibo Zhao,
Principal Product Manager