July 15, 2016

Pokemon Go: New tampered apps & what you can do


Pokemon Go is arguably the biggest mobile game in US history, but while fame breeds fans, even employees in the enterprise, it also attracts many opportunistic attackers.


July 14, 2016

Insights from Gartner: When and How to Go Beyond EMM to Ensure Secure Enterprise Mobility


Gartner recently published a new research report called “When and How to Go Beyond EMM to Ensure Secure Enterprise Mobility.*” It’s the first Gartner report that goes in depth into the Mobile Threat Defense (MTD) category, and I believe it delivers three key insights that show the value of MTD solutions, specifically when they are integrated with an Enterprise Mobility Management (EMM) solution to deliver holistic enterprise mobile security.

In this report, I believe that Gartner clearly shows how MTD solutions are unique in their ability to detect malware, app, and platform vulnerabilities. The report also shows how MTD and EMM solutions together are more than the sum of their parts.


July 8, 2016

Security week-in-review: The week of spikes


It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore spikes in a number of situations: a spike in encounters of a particularly malicious Android malware family called Shedun, a spike in the number of Wendy’s stores infected by POS malware, and a spike in the number of reported Android vulnerabilities in this month’s Google Android Security Bulletin. Check back every Friday to learn about the latest in security news.


July 7, 2016

July Android Security Bulletin: 108 patches, the most we’ve seen to date

The Android security bulletin for July 2016 has arrived and with it a big increase in security patches — another 108 vulnerabilities patched. This makes a total of 270 vulnerabilities reported via the monthly Android security bulletin for 2016. The vulnerabilities fixed this month ranged from remote code execution to privilege elevation to information disclosures.

July’s 108 patches are the most we’ve seen to date. The next closest month was June with only 40. It is very important, as always, that you keep your device up to date with the latest version of Android and also check for malicious applications that may seek to exploit these vulnerabilities.



July 6, 2016

A spike in Shedun, also known as HummingBad

There is a particularly dangerous family of malware, known as Shedun, which Lookout discovered and first reported last November. Shedun is trojanized adware that roots Android devices, masquerading as legitimate apps such as Facebook, Twitter, WhatsApp and Okta’s enterprise single sign-on app. Three similar families are associated with Shedun: Shuanet, ShiftyBug, and one we later discovered, BrainTest.

To make matters more confusing, different vendors have different names for Shedun. You may have heard Shedun called HummingBad, Hummer, ANDROIDOS_LIBSKIN, or right_core (the APK name). Recent reports on HummingBad raise alarms about a malicious and widespread family that one of our competitors claims to have first discovered in February 2016. This is the same as Shedun, which we discovered several months before then, in November 2015. This family is extremely malicious, but it is not new.


June 28, 2016

Two crucial points we learned at this year’s Gartner Security Summit


Lookout chief strategy officer, Aaron Cockerill, presenting at the 2016 Gartner Security Summit


June 27, 2016

LevelDropper: A takedown of autorooting malware in Google Play


LevelDropper, an app in the Google Play Store that we determined to be malicious, is the latest example of a new and persisting trend in mobile threats: autorooting malware.

Lookout discovered the app last week and worked with Google to have it removed. All Lookout customers are protected from this threat.

At first glance, LevelDropper seemed to be a simple app to use instead of a physical level from your toolbox, but upon deeper analysis, it turned out to conceal its malicious behavior. The term “autorooting malware” represents a classification of mobile malware that silently roots a device in order to perform actions only possible with more privileges. In this case, LevelDropper stealthily roots the device and goes on to install further applications — many of them — to the victim’s device.


June 24, 2016

Security week-in-review: Millions of U.S. voter profiles left accessible


It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore unprotected voting records, unencrypted iOS components, and Google’s new two-factor authentication option. Check back every Friday to learn about the latest in security news.


June 24, 2016

What a real life risky app looks like: a warning from the DoD

In late May 2016, the U.S. Department of Defense (DoD) released an advisory to their armed services and civilian workforce warning about an Android app called “CAC Scan,” which was found publicly available on the Google Play market.



June 21, 2016

Introducing network protection for mobile man-in-the-middle attacks


Today we are excited to announce the availability of network protection, an automated on-device analysis of network connections that defends against man-in-the-middle (MitM) attacks and ensures information is being securely transmitted.

With every enterprise now shifting towards a mobile-first, cloud-first workplace, employees’ day-to-day work now happens beyond the traditional enterprise perimeter.

The enterprise security risks from man-in-the-middle attacks

Many enterprises encrypt sensitive corporate data on mobile devices, but attackers can intercept and decrypt this data via man-in-the-middle attacks using equipment that costs less than $100.

Data in transit on mobile devices is an unmitigated security risk for many organizations. Employees tend to freely connect to public Wi-Fi networks on their smartphones and tablets, not thinking twice about installing proxies to gain access. Unfortunately, they are also largely unaware this can enable attackers to decrypt all encrypted traffic streams going to and from their devices.

Why Lookout network protection is better

Lookout network protection is the most actionable defense against MitM attacks because it focuses on the risks that are the most relevant to enterprises, namely, attempts to intercept encrypted data in transit.


The Lookout endpoint app automatically detects when a device connects to a new network (Wi-Fi, cellular, VPN, tethered) and immediately runs a series of health checks on that new network to ensure that it is behaving properly. Examples of checks performed include determining that the Root Certificate Authority used to issue SSL certificates for HTTPS sites matches expected values and that the cipher suites and TLS versions used are strong.

Why Lookout network protection delivers better protection from MitM attacks:

Automatic detection: Whenever a device connects to a new network, the on-device Lookout app automatically checks reference servers with known certificate properties and a known TLS configuration. This allows us to compare the expected network configuration properties with the properties of the connections actually established. By analyzing whether these established connections meet expected properties, we can determine whether connections are being tampered with using any of the methods described above (host certificate hijacking, TLS downgrade, and others).

Reduced false positives: Most progressive mobility programs do not restrict an employee’s ability to connect to cafe, hotel, or airport Wi-Fi networks as that would hinder productivity. However, some approaches to MitM detection will surface admin alerts for this everyday activity. These approaches lead to an abundance of false positives that are not actionable by the average IT organization.

The Lookout approach focuses on the risky types of connections that put encrypted data at risk and thus are not reasonable for employee use. By having an endpoint agent on the device, we are able to introduce a lightweight solution to the user that doesn’t require a VPN to analyze network traffic. This minimizes false positives, enabling users to stay connected and productive on the go.

Remediation: If a new network connection is deemed unsafe, Lookout will alert the employee, letting them know of the threat and that they should disconnect from the Wi-Fi network or uninstall the configuration profile.

Lookout is also able to apply automated remediation via Mobile Device Management solutions during a MitM attack, if a secure connection is present.
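The comparison described under automatic detection, sketched as an added example (not Lookout's code): a known reference profile is checked against what the device observed on the new network. The host name, fingerprints, class names and finding labels are all constructed assumptions.

```python
from dataclasses import dataclass

# Ordered weakest to strongest so versions can be compared by position.
TLS_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

@dataclass(frozen=True)
class ReferenceProfile:
    """What the reference server presents on an untampered path."""
    host: str
    root_ca_sha256: str   # fingerprint of the root CA that issues its chain
    min_tls: str          # weakest protocol version it will negotiate
    ciphers: frozenset    # cipher suites it is configured to accept

@dataclass(frozen=True)
class Observation:
    """What the device saw when it connected over the new network."""
    root_ca_sha256: str
    tls_version: str
    cipher: str

def assess(profile, seen):
    """Return the list of mismatches between expected and observed properties."""
    findings = []
    # A different root means something re-signed the session, for example an
    # intercepting proxy whose CA was added by a configuration profile.
    if seen.root_ca_sha256.lower() != profile.root_ca_sha256.lower():
        findings.append("unexpected_root_ca")
    # Unknown versions are treated as a downgrade rather than trusted.
    if (seen.tls_version not in TLS_ORDER or
            TLS_ORDER.index(seen.tls_version) < TLS_ORDER.index(profile.min_tls)):
        findings.append("tls_downgrade")
    if seen.cipher not in profile.ciphers:
        findings.append("unexpected_cipher")
    return findings

# Constructed sample data: placeholder fingerprints, hypothetical host.
REF = ReferenceProfile(
    host="reference.example",
    root_ca_sha256="aa" * 32,
    min_tls="TLSv1.2",
    ciphers=frozenset({"ECDHE-RSA-AES128-GCM-SHA256",
                       "ECDHE-RSA-AES256-GCM-SHA384"}),
)
CLEAN = Observation("AA" * 32, "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256")
PROXIED = Observation("bb" * 32, "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256")
DOWNGRADED = Observation("aa" * 32, "TLSv1", "RC4-SHA")

if __name__ == "__main__":
    for name, obs in [("clean", CLEAN), ("proxied", PROXIED), ("downgraded", DOWNGRADED)]:
        print(name, assess(REF, obs) or "ok")
```

Because the check is made against a server whose properties are known in advance, an ordinary cafe or hotel network produces no findings; only a path that alters the certificate chain or the negotiated TLS parameters does.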

How to learn more about the risks of MitM

To learn more about the real risks of employees regularly connecting to hotel and coffee shop Wi-Fi networks, and to see a live MitM attack demonstration, attend the upcoming webinar, Understanding Mobile Man-In-The-Middle Attacks and the Enterprise Security Risks.

Network protection is the latest security layer within Lookout Mobile Threat Protection. It is now available through over 58 global value-added resellers and distributors, and represents continued commitment by Lookout to delivering superior mobile security to large enterprises.