Lookout BlackHat
  • Job title of nominated professional: Max Bazaliy, Andrew Blaich, Kristy Edwards, Michael Flossman, Seth Hardy, Staff Security Researchers; Mike Murray, VP of Security Research
  • Company (where nominated professional or team is working): Lookout
  • Website: Lookout.com
  • Company size (employees): 300

In 3 bullets, summarize why this professional or team deserves recognition

- The Lookout Research and Response team, in a research collaboration with Citizen Lab, uncovered the first active mobile threat that completely compromises an iOS device with just one click.

- The two organizations worked directly with Apple’s security team, which was very responsive and immediately fixed all three Trident iOS vulnerabilities in its 9.3.5 patch. The team, some of whom have been doing security research for two decades, has never seen a software vendor respond so quickly.

- Uncovering this attack shows us that highly resourced actors see the mobile platform as a fertile target for gathering information about targets, particularly high-risk groups like activists, and regularly exploit the mobile environment for this purpose.

In less than 300 words, summarize the achievements of the professional or team in the nominated category

In August 2015, the Lookout Research and Response team, with its research partner Citizen Lab, uncovered the first active mobile threat that completely compromises an iOS device with just one click. Called Pegasus, this spyware uses three critical iOS zero-day vulnerabilities that, when exploited, form an attack chain that subverts even Apple’s strong security environment. We call these vulnerabilities “Trident.” Our two organizations worked directly with Apple’s security team, which was very responsive and immediately fixed all three Trident iOS vulnerabilities in its 9.3.5 patch.

Pegasus, which, according to an investigation by Citizen Lab, is developed by an organization called NSO Group, is the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and of the combination of features only available on mobile. It is modular to allow for customization and uses strong encryption to evade detection.

In this case, the Lookout research team uncovered that the software is highly configurable: depending on the country of use and feature sets purchased by the user, the spyware capabilities include accessing messages, calls, emails, logs, and more from apps including Gmail, Facebook, Skype, WhatsApp, Viber, FaceTime, Calendar, Line, Mail.Ru, WeChat, SS, Tango, and others. The kit appears to persist even when the device software is updated and can update itself to easily replace exploits if they become obsolete.

The Lookout research team believes that this spyware has been in the wild for a significant amount of time based on some of the indicators within the code (e.g., a kernel mapping table that has values all the way back to iOS 7). It is also being used to attack high-value targets for multiple purposes, including high-level corporate espionage on iOS, Android, and Blackberry.
