October 19, 2015

The problem with public Wi-Fi


We’ve all been there: you’re running low on data, but you’re stuck in a really long line and want to check Facebook. Maybe you’re at the airport and realized you didn’t download that eBook for the plane.

Unfortunately, connecting to and using that public Wi-Fi may be jeopardize your data and privacy.

Read More

October 14, 2015

Breaking open South Korea’s government-approved children-targeted surveillanceware

In April of this year, South Korea began mandating that government-approved monitoring software be installed on smartphones used by anyone 19 years of age or younger. Unfortunately, one of the most widely-used, government-approved versions of this “monitoring software” actually left children’s data wide open to prying eyes.

Earlier this year, I participated in the Citizen Lab Summer Institute – a series of research workshops hosted in Toronto by Citizen Lab – and had the chance to collaborate with several researchers on this project that took a closer look at parental monitoring software used in South Korea.

Read More

October 13, 2015

Risky v. Malicious apps: How they’re different & why you need to care about both

There’s a hidden challenge enterprises face when securing mobile devices: some apps that are legitimate and useful in a personal context may introduce a major risk for an enterprise.

While it may not be immediately evident, there are in fact two different categories of harmful applications to an enterprise: malicious apps and risky apps.

As the person responsible for securing mobile devices in your enterprise, you must focus on those apps that intend to do harm, but not forget those that may not be intentionally harmful, but still introduce risk. What’s the difference?

Read More

October 12, 2015

The real story behind those software updates


Updating your software is sometimes an inconvenience, but it’s also necessary to keeping up your mobile security hygiene.

Sometimes updates require connecting to a power source, backing up data, or temporarily losing access to an app or service while the update processes. Whatever the reason, oftentimes we see that little tally of available updates increase and increase.

The problem is, there are many critical security fixes that get pushed through these OS and app updates and when we ignore them, we leave ourselves vulnerable and open to attack.

Read More

October 8, 2015

Kemoge: Lookout protects against malware that roots devices

Kemoge, or what we call ShiftyBug, is a piece of Android malware that roots a victim’s device and installs itself as a system application, making it very difficult to remove. Its end game is to install additional applications on the to the device.

There are eight different exploits packed into the malware that are tailored to root that specific kind of device, the majority of which impact Samsung devices.

Read More

October 5, 2015

The case for not jailbreaking/rooting your device


Jailbreaking your iOS device (or rooting in the case of Android) is tempting. After all, who wouldn’t want access to a whole new world of apps, easier international travel, and more control over their phone?

If you’ve felt the lure to read the latest jailbreaking/rooting tutorial and take the plunge, you’re not alone: An estimated 7.5 percent of all iPhones—amounting to more than 30 million devices worldwide—are jailbroken. Jailbreaking is especially popular in China, where an estimated 13 percent of all iPhones are jailbroken.

Read More

October 5, 2015

Surprising new research: three-quarters of IT leaders have experienced a mobile data breach

IDG CIO-CISO Research Infographic_10.5-2

When you hear about major corporate breaches in the news, they don’t always originate from the same threat vector. Sony was allegedly hacked through PCs, Target through point of sale systems, J.P. Morgan likely through unprotected server infrastructure, the IRS through its “Get Transcript” app.

According to a new report from IDG Research, mobile is an important vector for attack. Seventy-four percent of IT leaders from global enterprises report that their organizations have experienced a data breach as a result of a mobile security issue.

Read More

October 1, 2015

The silly things we do with our passwords


It’s hard to remember the myriad of passwords we use for our accounts online. There are a number of ways we hear of people dealing with this: writing them down on a piece of paper, using the same password across all your accounts, etc.

One of the most concerning practices we’ve heard of, however, is storing your passwords in your mobile contacts.

This is a definite “don’t do,” in our books.

Read More

October 1, 2015

It’s Cybersecurity Awareness Month! We’ve got a lot for you to learn


October is a great month — it’s finally cool outside, pumpkin-flavored food is everywhere, and it’s Cybersecurity Awareness Month.

Bet you didn’t know that last one. We’re excited about Cybersecurity Awareness Month because, clearly, security is something we take very seriously. As the world becomes more connected, we believe security needs to be at the forefront of people’s minds as they use mobile devices to live every day life.

During the month of October, you can find a Lookout blog post every week with some great insights into our behaviors on mobile devices and how we can change those behaviors to keep our devices and data safe and private. Here’s what you can expect to learn.

Read More

September 24, 2015

Threat protection and EMM: What the relationship means for CIOs

Good security relies on strong relationships. The security industry wants to work with hackers, to learn from them and understand their modes of thinking. Security professionals want to share information to ensure everyone understands the broad scope of threats and what they can do to corporate data. Similarly, security technologies want to connect together to deliver new depths of protection.

This is especially the case in the mobile industry. There is no silver bullet to mobile security. It takes specialization — experts working together — to ensure the bases are covered.

Threat protection and enterprise mobility management solutions play together perfectly in this way in that both help enterprises see and manage the risks associated with mobility so that employees are empowered to embrace it.

Read More