Threat Intelligence

February 6, 2020


Q&A: With Christoph Hebeisen, Head of Threat Intelligence

For more than a decade, the Lookout Security Research team has been at the forefront of mobile threat research. We sat down with our Head of Threat Intelligence, Christoph Hebeisen, to learn what it means to be a security researcher in a world of constantly evolving threats. 

Why did you choose to become a threat researcher?

I have always been deeply curious about how everything works at the most fundamental level. When I got my first computer, I quickly gravitated towards assembly (machine language). And, after spending years in academic research, I wanted to work in a field where I could make a difference more directly than in pure research. In threat research, I get to combine my curiosity and love of research with a cause that matters to me: the privacy and security of our data.

What do you find interesting about mobile security in particular?

The future of computing, communications, entertainment, and work is mobile. However, the nature of mobile devices is different from fixed endpoints. They hop from location to location and from network to network -- there is no corporate network perimeter protecting them. In addition, mobile devices by their nature include communications channels that are not available on PCs, such as SMS, not to mention a host of third-party messaging applications. This environment poses a whole new set of interesting challenges we need to address to allow a smooth transition into the mobile-first future, without increasing the risk of data breaches.

How has the job of a security researcher changed in the last few years?

As more of our personal and corporate data move to mobile devices, the threats have become more varied. There has been an evolution over the past few years as threat actors, who in the past used simple malware to steal text messages or incur premium messaging charges, are now utilizing banking trojans and full-featured surveillance tools. Moreover, nation states use mobile surveillanceware -- from simple spying apps to zero-click device exploits -- to spy on both foreigners and their own citizens. Most recently, phishing campaigns have begun targeting mobile devices first or even exclusively. As a result, the field of research has dramatically expanded to cover every possible threat vector.

What skill / quality is it that you look for most when hiring a threat researcher?

Researchers often encounter deliberately convoluted or obfuscated code, malware that tries to hide from discovery by only activating malicious functionality in a certain geography or on certain types of devices. In order to successfully research such malicious code, a researcher must not be daunted by seemingly insurmountable problems, and must have a high level of creativity in addition to the more obviously necessary technical skills.

What is the most rewarding part of your job?

To know that our work makes the mobile ecosystem a better and safer place, not just for Lookout's customers, but also for countless other mobile users, for example through the App Defense Alliance. This work is largely invisible to the beneficiaries - just like many other safety and security functions. So while most users may never know that Lookout protected them from having their bank accounts compromised via a banking trojan or phishing link, I take pride in knowing that we do.