After hearing from our customers over and over that they often rely on friends and family to save the day on mobile technology, we ran a national survey with Harris Interactive to investigate this trend. It turns out that we rely on others quite a bit to make technology connections happen. Sixty-three percent of people struggle to keep up with the latest mobile tech and 1 in 3 depend on tech savvy friends and family—we like to call them Tech Heroes—for a bit of help.
Below are some of the interesting things we learned about these rare birds, unicorns and diamonds in the rough we’ve come to depend on.
Anyone can be a Tech Hero: your friend who gives you the best app recommendations, the IT admin who rescued your pictures from a lost phone, even your kid who helps you locate the power button. While common belief suggests that tech experts are typically among younger age groups, 37% of Americans say their Tech Heroes are between ages 31-45, while 33% say they are between 21-30. Truth is, Tech Heroes come in all ages and can be found nationwide.
Tech Heroes come to our aid in a number of ways. Whether it’s helping to set up a new phone, troubleshooting a new device or downloading the latest apps, we rely on Tech Heroes to show us the ropes.
This holiday season, 45 million new smartphones are expected to hit shelves and mobile devices will top holiday wishlists. With the many new devices hitting shelves it can be difficult for people to decide on the perfect smartphone or tablet to meet the needs of their mobile lives. We learned that Tech Heroes have a large amount of influence over mobile commerce.
Interested in celebrating the Tech Hero in your life this holiday season? Nominate your Tech Hero (you can also nominate yourself) here. For those who are setting up their new phones this holiday season and don’t have a Tech Hero offhand, we’ve developed a Tech Hero Handbook with everything you need to know to set up a new phone, fix a cracked screen, or conserve your battery life.
Over the past few months the Lookout security team has taken a closer look at a malware family we’ve labeled Mouabad, which gives third-parties control over user devices and enables malicious parties to defraud victims via premium rate SMS billing.
Recently, the team identified a new and particularly interesting variant of Mouabad, which we’ve dubbed MouaBad.p. For the first time (as far as Lookout has seen), remote attackers can now make phone calls (possibly to premium-rate numbers) without user intervention. This represents a significant jump in functionality compared to more common premium-rate fraud that relies on SMS functionality.
In addition to never-before-seen functionality, Mouabad.p is particularly sneaky and effective in its aim to avoid detection. For example, it waits to make its calls until a period of time after the screen turns off and the lock screen activates. Mouabad.p also end the calls it makes as soon as a user interacts with their device (e.g. unlocks it). However, this malware variant does not appear to have the ability to modify call logs so a discerning victim could uncover Mouabad.p’s dialing activity by checking their call histories. Like all members of the Mouabad family, Mouabad.p also allows remote attackers to send SMS messages and control various settings related to premium SMS billing.
Who Is Likely to Be Affected
The good news is that the risk of infection is low. Mouabad.p only works on Android versions older than 3.1 since apps won’t start from intents (like “user_present”) in later Android versions and Mouabad.p does not have a launcher shortcut. Lookout detection volumes of Mouabad.p are low and restricted primarily to Chinese-speaking regions. Since premium-rate SMS and telephone calls rely on country specific phone numbers Mouabad.p will not function outside of targeted countries so there is no incentive for the attackers controlling it to allow it to spread outside these regions.
All Lookout users are protected from this threat.
What Makes Mouabad.p Noteworthy
In the world of mobile malware Mouabad.p is noteworthy because it can initiate a call without user intervention. In addition, MouaBad.p is specifically engineered to evade detection and deletion, concealing its background activities from users wherever possible and attempting to get privileged device access to make itself more difficult to remove. Mouabad.p and other trojans that can financially harm users and effectively hide themselves underscore the need for sophisticated mobile malware protection.
How It Works + Capabilities
To launch, MouaBad.p depends on hooks into the operating system (known as intents) that start the app each time the device boots and whenever the device unlocks. This enables the malware to function without a suspicious icon on the home screen that might otherwise alert the device owner to its presence – just one of several techniques employed by its authors to evade detection.
Mouabad.p is likely delivered via a “dropper” app that loads Mouabad.p in the background during its own installation process. Once installed and run, Mouabad.p begins to poll its configured C&C servers for commands, typically once every 8 hours.
MouaBad.p looks for the following commands from the C&C server:
The method Mouabad.p uses to make and end calls is unusual in that it uses reflection to access private methods in TelephonyManager to make and end calls (as opposed to the more common use of intents). The malware does not appear to have the ability to modify call history, leaving victims a rare opportunity to uncover malicious activity that is otherwise well concealed. The C&C server is currently down so the exact dialing targets are unknown, but targeting premium rate telephone numbers could offer the attackers an effective monetization strategy and would be a logical extension of the Mouabad family’s predilection for premium-rate fraud. In theory, this dialing functionality could also be used for other malicious purposes such as remotely spying on conversations within the vicinity of a device microphone, or simply running up a victim’s wireless bill.
How To Stay Safe
We are lucky to call more than 45 million people worldwide our happy customers, but we’ve always known that businesses also need to protect their mobile devices with as much urgency as consumers. Today, I am beyond proud to announce the release of a new version of Lookout, tailored just for businesses. With Lookout for Business we’ve taken an important step in expanding the vision of protecting every mobile device with our first product geared toward companies and their specific mobile security needs.
Lookout for Business offers dead simple device management and comprehensive mobile security, wrapped up in an app employees actually want to put on their mobile devices. At the end of the day, strong security depends on adoption by end-users, so we’ve packed our app with useful features that provide immediate and real value to employees.
Prototype, Test, Iterate, Ship
We first sought to understand the baseline consumer attitude towards privacy policies by surveying 2,000 mobile users. Not surprisingly, more than half of those we surveyed feel that privacy policies are vague. Moreover, less than half of them read privacy policies, and even fewer actually trust the apps they download.
Lookout cares about keeping you safe from threats to your personal information, whether on or off your mobile device. That’s why when we heard about the recent Adobe account and password breach, we put together a quick list of steps that anyone can take to protect themselves. These kinds of breaches are becoming increasingly more common, therefore it’s up to you to set a strong passwords on all your online accounts.
For a more in-depth look at passwords and their pitfalls, we recommend reading Mat Honan’s Wired article.
Stay safe out there!
- Lookout Team
Image courtesy of Drupal.org.
From day one, our goal has always been to protect every device across the globe and we’re excited to announce that we’re one step closer to fulfilling that mission. Today marks the beginning of Lookout’s collaboration with AT&T to bring mobile security to all AT&T Android customers. Moving forward, Lookout will be available on every Android phone sold by 3 out of the 4 major US carriers.
Computing has changed forever and mobile devices are only the beginning of a massively connected world. According to Gartner, 1.8 billion mobile phones are expected to ship by the end of 2013, a 4.5 percent increase from the previous year. Lookout will now play a foundational role in protecting AT&T customers from emerging mobile threats and keeping the precious data their devices carry safe.
AT&T actively identifies software partners to drive growth and innovation on their platform. They understand that the next wave of mobile goes beyond connectivity and communications to services and apps that are available through the AT&T platform. We’re happy to be protecting AT&T customers and safeguarding their most personal computers.
Moving forward, the Lookout app will be installed on all compatible AT&T Android devices (currently installed on the Samsung Note 3). With Lookout, AT&T customers can have the confidence to use their phone to its fullest capability, and rest assured knowing they are protected no matter what they do. Whether it’s helping to find a lost/stolen phone, managing phone security or backing up precious data, we’re helping AT&T customers with a safer, more secure, mobile experience.
Lookout has identified MaClickFraud, a Trojan added to legitimate games and other applications that defrauds search engines and ad networks by simulating legitimate traffic. This Trojan can enable a broad range of click fraud activities, from faking search terms in order to boost the ranking of a targeted website, to gaming incentivized download networks or other ad networks in order to make an ad publisher appear to have more traffic than they actually do.
The risk of infection is low, with the vast majority of detections occurring in Chinese-speaking regions like China, Taiwan, and Hong Kong. To date, the only site we have observed hosting the malware is AnZhi, a Chinese alternative app store.
This Trojan can engage in a broad range of click fraud activities and its authors likely rent out their botnet to other parties who may use it to fake search activity as a form of black-hat SEO or to impersonate ad clicks on their own properties to boost ad revenue. Since the malware infects otherwise-legitimate apps and does not cause visibly adverse effects to the app user, it likely remains active and undetected for a relatively long period of time, compared to other more intrusive forms of malware.
Our phones are our lifelines and have become an essential tool for everyday life. We are constantly plugged into our phones – during the morning commute, just before bed — even at the dinner table. Gone are the days when we used phones merely as a means of communication. Smartphones have become our most personal computers and in many cases know more about us than our best friends. Lookout and Sprint today released the results of a national survey revealing consumers’ mobile behaviors, habits and concerns over privacy.
The results reveal a striking attachment to our mobile devices and a concern over the exposure of personal information.
My smartphone and I are connected at the hip.
A day without your phone? Not any more. The majority of Americans admitted they can’t go one hour without checking the phone in their pocket. Texting surpasses calling and email as the feature most missed when without the phone (29%), followed by calling (26%) and emails (9%).
A year ago I spoke about how Lookout was five percent of what we will be. Today, we’re ready to talk about the other 95 percent.
I’m excited to share that Lookout has raised $55M from industry leaders Deutsche Telekom, Qualcomm, Greylock Partners and Mithril Capital Management, in addition to our current investors Accel Partners, Andreessen Horowitz, Index Ventures, and Khosla Ventures. We will invest in security beyond the mobile device by working with our investors and partners to find new ways to secure the broader mobile ecosystem, including networks. The capital will help us expand internationally and extend our offerings into the business and enterprise space. In a connected world, security will be critical across mobile networks and connected devices, and this round will help enable Lookout to secure the next phase of mobile computing.
As of version 2.13.2, Lookout will no longer be offering new versions of the Lookout app for users of iOS 5. This update will be available next week.
As we continue to improve the Lookout for iOS app, we will be using features and capabilities that are unique to the newest software versions of iOS, not all of which are supported in iOS 5. With the exciting release of iOS 7 last Wednesday, and the introduction of the iPhone 5S and 5C, almost 60% of iOS devices are already running the latest operating system. And as of today, less than 4% of users are running iOS 5 and older.
So what does this mean?
If you are using iOS 5 and would like to receive further Lookout updates, you can check to see if you are able to upgrade your device to iOS 6 or 7. To do this:
Remember, all iOS 5 devices will still have access to the current features that Lookout offers, and will still receive any security alerts that Lookout sends.
If you have any questions about Lookout’s compatibility on iOS, please visit faq.lookout.com.
Follow @Lookout on Twitter
Follow our CEO, John Hering @johnhering
Stay up to date with the latest in mobile security. Subscribe to our RSS feed.