Pages

Feed icon

Sunday, 16 January 2011

Lookout Technical Team Talks About Android Trojan, Mobile Security, App Genome Project

;

Lookout Technical Team Talks About Android Trojan, Mobile Security, App Genome Project

By now, I’m sure most of you have heard of Lookout Mobile Security. They’re a company that provides security application for mobile devices, like Android, Blackberry and Windows Mobile. Now, I’m a huge fan of Lookout. In fact, as we speak, I’m backing my pictures up to their servers from my HTC Evo. But we wanted to get in a little closer with the Lookout team, find out about their product and the challenges they face. So, we scheduled a sit-down with Lookout Chief Technical Officer Kevin Mahaffey and Principal Security Engineer Tim Wyatt, and had a chat.

First off, we asked what the company was all about. They told us about their product, Lookout Mobile Security, and how it prevents bad apps and files from making their way onto your device, plus all the other features it provides.

TalkAndroid: How does the Lookout app effect battery life and device resources?

Lookout: The best way to measure battery life on Android is to use the battery manager in the Android settings menu. It will tell you how much battery is being used by each application from when you first turned it on. Lookout is typically under 2%, unless you are backing up data or pictures, in which case it may go up to about 4 or 5%. Typically, however, it is usually in the 2% range.

TalkAndroid: The next question is about this new Gemini Trojan. Can you tell us a bit about that?

Lookout: It’s actually “Geinimi”. It’s emerged primarily in alternate markets, mostly in China. We discovered that there were a number of applications out there that were repackaged with the malicious code. When you launch the app or start up your phone, the virus will start up and begin phoning home to a remote server. It sends identifying information about the device, such as information about the SIM card and the hardware identifier for the device itself. It will also send location as well. The server can then issue a number of instructions to the effected device. Calling arbitrary phone numbers, downloading additional apps, requesting that apps be uninstalled. What’s interesting about this is the fact that it actually encrypts the payload, and could be used to charge money to someone’s phone bill, or could be used for a variety of mechanisms. It’s a bit confusing, because no one knows exactly why the author wrote it – due to the wide variety of the things that it does.

TalkAndroid: So is the Geinimi software technically a Trojan, or is it malware?

Lookout: A Trojan is actually a subset of the Malware definition.

TalkAndroid: How much of a threat is the Geinimi Trojan to users in the US?

Lookout: One way that users in the US could get this is by searching for a pirated game and coming across one of these Chinese download sites. Another way is a torrent of a pirated game pack, for example, which may include one of these files. People should look at their phones like a PC. People should take the same care and responsibility when downloading apps and visiting websites as if they were using a PC. Remember, Lookout does protect against this Trojan.

There are two kinds of apps that users should be worried about: malware, and apps that compromise your privacy. Some people may want to use location based social networks, other people may not. We believe it is user choice, so we have a list of “grey” applications. These gray applications is where the Privacy Advisor comes into play. The Privacy Advisor in Lookout shows the applications on the phone based on the sensitive information it is capable of transmitting.

TalkAndroid: So are there any other viruses that you have come across that people should be concerned about?

Lookout: Not specifically. Generally speaking, people should be careful when downloading apps and visiting sites. The malware has primarily been in off market sources, but there have been apps in the android market that have had questionable privacy practices. We think that more malware will eventually make its way into the US, but it’s good to start being cautious now – to keep your device safe.

TalkAndroid: So, as far as you know, does Google do any kind of virus scanning on apps before they hit the Android Market?

Lookout: When you upload an app to the market, it goes live, and Google doesn’t do any checks on it. However, if enough people say “this is bad” and that it’s actually malware, Google will look at it. However, anyone can upload anything, but it’s up to the community to say that it’s bad.

In keeping with this, Lookout also has a project called the App Genome Project. In this project, we are downloading all the apps on the Market and checking them. We first announced it last summer. We are downloading as many apps as possible, and our system flags anything that seems suspicious, and then we will do further investigation. We then alert to our users if these apps seem suspicious or have shady practices. There are some things that are “privacy issues” that are actually legitimate uses of the Android Market. For these, we would just notify customers. However, if we find anything malicious that can actually harm the phone, we report to Google, and they will take action. Every day, we pull the newest apps and analyze them. We’re able to use server-side protection in our analyzation process while keeping things lightweight.

TalkAndroid: Have you seen any viruses that are specific to the hardware of a certain phone?

Lookout: Not specifically. All of the viruses we have seen for the Android OS can go after any device, as long as it’s running Android.

TalkAndroid: With the release of all the new Android tablets, how do you think that will affect mobile security in the future?

Lookout: What you have to look at is the motivation for an attacker to go after an Android device. The bigger the market, the bigger the incentive. So, as Android begins making its way on more and more devices, the drive for attackers to go after these devices goes up. There is a greater incentive for attackers. However, as people become more aware of security, it will become more difficult for these viruses to spread.

TalkAndroid: What direction are you going with Lookout in the future?

Lookout: We’re really excited about what 2011 has to offer. We have some big plans for new features. We’re also dedicated to making this product better all the time, and we’re always looking to make any existing features even better.

TalkAndroid: Is there anything specific you want to say about your product or users?

Lookout: We just want to reiterate how much we love hearing feedback from our users. We’ve shared the story of how Lookout helped catch a car thief in 7 minutes, and we get over 100 stories every week about how Lookout has helped someone when they needed it most for their phone. Whether it’s someone finding a lost device, or being able to back up important photos of passed family members, we love to hear the feedback.

And there you have it. The folks at Lookout were wonderful to talk to, and has some great insights into the ever-expanding world of mobile security. If you haven’t tried Lookout on your device yet, you can check out the app here. It’s free for the light version, which includes:

  • anti-virus
  • anti-malware
  • anti-spyware
  • contacts backup
  • data restore to existing phone
  • phone location service
  • device scream

They also have a premium subscription service, which has all of the features in the free version, plus:

  • photo backup
  • call history backup
  • data transfer to a new phone
  • remote wipe
  • remote lock

For full info and upgrade options, be sure to check out mylookout.com


0 comments:

Post a Comment

 
x