September 2, 2016

MDM solutions don’t deliver sufficient protection against Pegasus

Since Lookout first announced our discovery of the Pegasus attack and Trident vulnerabilities in partnership with Citizen Lab, we’ve received many clarifying questions from security professionals. In this series we’re answering the top queries we’ve received to help you better understand the facts around this unprecedented mobile threat.

Today’s question: Why can’t my MDM protect my organization from Pegasus?

A Mobile Device Management (MDM) solution is not by itself a sufficient protection against advanced, targeted threats like the Pegasus spyware.

No existing jailbreak detection technology would have caught this threat before Lookout and Citizen Lab uncovered the techniques. This is because MDMs can only detect known jailbreak techniques and Pegasus used advanced exploits of previously unknown (zero-day) vulnerabilities to jailbreak the device.

Now that these advanced techniques are publicly known, we have not observed any MDM technology that is currently able to detect them.


September 2, 2016

Encryption and VPNs alone do not protect you from Pegasus/Trident

Since Lookout first announced our discovery of the Pegasus attack and Trident vulnerabilities in partnership with Citizen Lab, we’ve received many clarifying questions from security professionals. In this series we’re answering the top queries we’ve received to help you better understand the facts around this unprecedented mobile threat.

Today’s question: Why can’t encryption or VPNs stop this threat?

Encryption and VPNs are excellent tools that protect sensitive data in most situations. Given the extreme sophistication of the Pegasus attack, however, these tools won’t actually protect data in this scenario.


September 2, 2016

Security Alert: Apple just patched Trident in Macs, too

In the process of researching and disclosing the Trident iOS vulnerabilities, Lookout and our partners discovered another detail: these three software holes were present in Apple’s Mac computers, as well.

Mobile devices and PCs are being attacked in similar ways. The devices can have the same vulnerabilities and very similar attacks. As mobile devices become the primary computing device people use for their work, enterprises will need to have the same security protection and incident response measures on both platforms.

We worked directly with Apple to patch the vulnerabilities, and allowed sufficient time for the patch to be distributed before disclosing. You can see Apple’s patch notification here.


August 30, 2016

Congressman urges “congressional hearing” after Trident iOS vulnerability discovery

“I am pleased that Apple was able to quickly address this security breach, but it is clear that Congress must do more to address the issues of mobile security. I believe a congressional hearing is in order and plan to work with my colleagues to examine these critical security concerns.”
-Congressman Ted W. Lieu (D, Los Angeles County)

After news of the Trident vulnerabilities broke, Congressman Ted Lieu issued a statement urging the U.S. government to pay closer attention to mobile security.

Congressman Lieu’s comments follow a trend of individuals and agencies calling for attention on mobile security. The White House Digital Government Strategy, the DoD Mobile Device Strategy, and NIST’s Mobile Device Security for Enterprises Building Block document urge agencies to adopt and secure mobile technology to improve service and enhance effectiveness.

August 25, 2016

3 things CISOs need to know about the Trident iOS vulnerabilities


Earlier today, Lookout and Citizen Lab published findings about a sophisticated, targeted, and persistent mobile attack on iOS using three zero-day vulnerabilities we call “Trident.” The attack allows an adversary to silently jailbreak an iOS device and stealthily spy on victims, collecting information from apps including Gmail, Facebook, Skype, WhatsApp, Calendar, FaceTime, Line, Mail.Ru, and others.

This discovery is further proof that mobile platforms are fertile ground for gathering sensitive information from target victims, and well-resourced threat actors are regularly exploiting that mobile environment.

Read Lookout’s report here.

August 25, 2016

Sophisticated, persistent mobile attack against high-value targets on iOS

Persistent, enterprise-class spyware is an underestimated problem on mobile devices. However, targeted attack scenarios against high-value mobile users are a real threat.

Citizen Lab (Munk School of Global Affairs, University of Toronto) and Lookout have uncovered an active threat using three critical iOS zero-day vulnerabilities that, when exploited, form an attack chain that subverts even Apple’s strong security environment. We call these vulnerabilities “Trident.” Our two organizations have worked directly with Apple’s security team, which was very responsive and immediately fixed all three Trident iOS vulnerabilities in its 9.3.5 patch.

All individuals should update to the latest version of iOS immediately. If you’re unsure what version you’re running, you can check Settings > General > About > Version. Lookout will send an alert to a customer’s phone any time a new update is available. Lookout’s products also detect and alert customers to this threat.


August 17, 2016

Gartner Market Guide for Mobile Threat Defense Solutions – what you need to know


Gartner published its “Market Guide for Mobile Threat Defense Solutions” a few weeks ago, and in my view it offers three key takeaways for security and IT leaders facing the challenge of securing mobility in your organizations.

In the guide, Gartner establishes a clear definition for Mobile Threat Defense (MTD), outlines the market’s direction through 2018, and provides the capabilities an MTD solution should have.

Let’s take a closer look at what I see as the “must know” takeaways from this report:


August 15, 2016

Linux flaw that allows anyone to hijack Internet traffic also affects 80% of Android devices

Lookout recently discovered that a serious exploit in TCP reported this week also impacts nearly 80% of Android, or around 1.4 billion devices, based on an install base reported by Statista. The vulnerability lets attackers obtain unencrypted traffic and degrade encrypted traffic to spy on victims.

The issue should be concerning to Android users as attackers are able to execute this spying without traditional “man-in-the-middle” attacks through which they must compromise the network in order to intercept the traffic.

Researchers from University of California, Riverside and the U.S. Army Research Laboratory recently revealed a vulnerability in TCP at the USENIX Security 2016 conference, specifically pertaining to Linux systems. The vulnerability allows an attacker to remotely spy on people who are using unencrypted traffic or degrade encrypted connections. While a man-in-the-middle attack is not required here, the attacker still needs to know a source and destination IP address to successfully execute the attack.

We can estimate, then, that all Android versions running Linux kernel 3.6 (approximately Android 4.4 KitKat) through the latest are vulnerable to this attack, or 79.9% of the Android ecosystem.

August 10, 2016

Now available: The Practical Guide to Enterprise Mobile Security


The Practical Guide to Enterprise Mobile Security is a one-stop shop for enterprise IT teams looking to enable mobile productivity in their organizations, while simultaneously reducing the risks inherent to mobile devices. In it, you’ll get actionable information on every element of mobile security from what threats look like on mobile to how to buy a mobile security solution.

If you have any of the following questions, you need to read this guide:
  • What is mobile security?
  • What are mobile threats?
  • Have you seen mobile threats in real-life enterprises?
  • What features should mobile security solutions have?
  • How do I sell the idea of mobile security to my internal stakeholders?
  • How do I evaluate vendors?
  • How do I get my employees to use it without seeming like Big Brother?
  • How do I know if it’s really working?


August 5, 2016

Security week-in-review: Bugs be gone, Apple announces bounty program


It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore bug bounty programs, bug fixes, and healthcare breaches. Check back every Friday to learn about the latest in security news.