SOURCE: Trustlook

Advanced Mobile Security Application

May 23, 2016 08:00 ET

Trustlook Addresses Qualcomm Vulnerability That Affects Millions of Android Users

Leading Mobile Security Company Launches New App and Functionality in Response to Widespread Android Security Threat

SAN JOSE, CA--(Marketwired - May 23, 2016) - Trustlook Inc., an innovator in next-generation mobile device security solutions, is taking steps to combat a widespread vulnerability affecting millions of Android devices. First discovered by FireEye in March 2016, the vulnerability is present in all Android Jelly Bean, KitKat and Lollipop phones using Qualcomm CPUs. On these devices, third party apps could gain special system privileges, or access to a user's SMS database or phone history, without a user's knowledge.

To determine if a user device is vulnerable to this threat, Trustlook released a free Qualcomm Vulnerability Scanner application (available on Google Play) that enables Android phone owners to check for themselves. If the device is exposed, a user may be able to download a software update from the device manufacturer that contains a security patch.

"Most troubling about this threat is that for many devices, there may be no fix available because the device is no longer supported by the manufacturer with regular updates and security patches," said Jinjian Zhai, Head of Research at Trustlook. "The only way to eliminate the vulnerability would be to get a new device."

Trustlook is working on providing additional protection against potential exploits of the Qualcomm vulnerability, particularly for devices that currently lack a security patch for the system software, in its flagship Trustlook Mobile Security application. Signature-based antivirus solutions struggle to protect against such exploits because the permission requested by a potentially harmful application is the same as that requested by millions of legitimate applications, and hackers have learned to exploit this weakness to avoid detection. It is for this reason that researchers at FireEye expect "Google Play will likely not flag it as malicious." Trustlook's cloud-based Mobile Security-as-a-Service (MSaaS) engine overcomes this previous limitation by using both signature-based and signatureless methods, as well as global threat information, enabling it to find more threats, such as those that exploit the Qualcomm vulnerability, sooner than traditional anti-malware technologies.

This Qualcomm incident calls attention to challenges involved in reacting to mobile device security risks. The FTC and FCC have recently sent letters to major players in the smartphone industry expressing their concern over how quickly updates are being issued after a vulnerability is reported. "Users cannot rely solely on device makers or carriers to solve their problems," said Zhai. "This is why it is important for mobile users to have a reliable third-party security app running on their phones and tablets at all times."

About Trustlook

Trustlook (www.trustlook.com) is a global leader in next-generation mobile device security with a solution that finds more vulnerabilities sooner than any other to provide the industry's smallest vulnerability window. The innovative Trustlook Mobile Security-as-a-Service (MSaaS) platform operates in the cloud to deliver the performance and scalability needed to provide total threat protection against viruses, spyware, phishing, ID theft, data loss, snooping and other forms of attack. MSaaS protects users from both known and zero-day threats by examining over 20,000 new and updated applications every day for malware and malicious behavior. Founded in 2013, the company is headquartered in San Jose and managed by leading security experts from Palo Alto Networks, FireEye, Google and Yahoo.

Contact Information