Two especially critical flaws that allow an attacker to root or completely compromise a device have just been added to the litany of vulns on Android devices.
The vulnerabilities are known colloquially as DirtyCow (CVE-2016-5195) and Drammer (CVE-2016-6728). While they are unrelated, both represent a real risk to Android users: individuals have already published proof-of-concept exploit code online for both vulnerabilities, which reduces the time attackers would need to understand them and develop their own exploits from scratch. Additionally, industry researchers have already seen attackers using DirtyCow to exploit Linux-based systems in the wild.
To the people whose data, devices, and digital lives we protect every day:
Lookout has just released a brand new design for the Lookout app for Android, all based on your feedback.
We recently completed a comprehensive customer-insights initiative with you, our users. In it, we learned that you need:
Securing mobile devices and the data they access is a huge challenge. This is because of three key technology trends happening today:
1) Mobile apps have become the primary way that data is accessed and stored. Mobile apps account for over half of internet use, according to a 2016 study from Andreessen Horowitz. Enterprises, however, rarely know what apps are being used on an employee’s mobile device and whether that app is collecting sensitive information.
2) Individual employees have tremendous control over their mobile environment. They have freedom to choose whatever apps they would like to use to get their work done. This isn’t inherently a bad thing — every company wants productive employees — but it can inadvertently put corporate data at risk if an employee chooses the wrong app.
3) Mobile app creators range from Forbes 500 companies to a few guys in a garage. The problem is that app developers of any size do not know your company’s specific data protection sensitivities, government compliance regulations, industry standards, or data sovereignty laws. The apps are not always built to meet these sensitivities and may leak corporate data despite being otherwise “benign.”
Mobile apps introduce a new layer of complexity to an enterprise’s security strategy as IT now has to protect against everything from malicious apps to risky app behaviors.
The October Android Security Bulletin contains 78 patches for Android devices — 23 more than last month, and the third-highest count since Google started releasing the monthly patches. The release reveals more remote code execution (RCE) vulnerabilities, which could allow an attacker to take over a device with very little interaction from the victim.
Given the fragmentation of Android, and the slower patch cycles for these devices, mounting RCE issues could spell trouble for individuals waiting for patches and companies whose employees use Android devices.
This is likely one of the reasons why Google is starting to put more pressure on its partners to update Android devices more frequently.
Today, we are excited to announce that the Lookout Mobile Endpoint Security integration with Microsoft Enterprise Mobility + Security (EMS) is now generally available.
This means that while enterprise employees more seriously consider mobile devices to be an invaluable tool in their everyday working lives, enterprise IT teams don’t have to struggle to secure the rapidly increasing number of endpoints on their networks.
On Tuesday, I had the great pleasure to speak at the U.S. Chamber of Commerce’s 5th Annual Cybersecurity Summit. This premier event convenes public and private sector leaders around one of our most pressing national security concerns. My presentation focused on how U.S. Government CIOs and security professionals can secure the next frontier for cyber attacks: the mobile device.
Security professionals are more likely to pay attention to breaches if the companies being breached already have recognizable names.
Seems like common sense. You see a headline that says, “Target point of sale technology hacked,” you’re much more likely to pay attention than, “Hospital in Kentucky suffers from ransomware attack.” Unless you live in Kentucky.
Security teams that do this, however, might be missing the big picture of how broad security incidents are and how they don’t just impact top names — everyone is at risk.
We identified the Overseer malware in an application that claimed to provide search capabilities for specific embassies in different geographical locations.
Through close collaboration with an enterprise customer, Lookout identified Overseer, a piece of spyware we found in four apps live on the Google Play store. One of the apps was an embassy search tool intended to help travelers find embassies abroad. The malware was also injected as a trojan in Russian and European news applications for Android.
Google promptly removed the four affected apps after Lookout notified the company. All Lookout customers are protected from this threat.
Current variants of Overseer are capable of gathering and exfiltrating the following information:
Dr. Amoroso is a former SVP and CSO of AT&T. He is currently on the board of M&T Bank and the CEO of TAG Cyber, which has just released the 2017 TAG Cyber Security Annual, a comprehensive reference guide for cyber security professionals.
Updated 9/2/2016: The segment will re-air on 9/4/2016. Interested in getting more in-depth information on our attack demonstrations? Read about how we did the Wi-Fi attack here and the mobile malware attack here.
Tonight, 60 Minutes featured Lookout co-founder John Hering and a number of other well-known and respected security researchers demonstrating mobile attacks.