Smartphones today have more computing power than a Cray III supercomputer. However, many security professionals put about as much thought into securing their mobile ecosystems as they did into securing Motorola RAZRv3 flip phones back in the day.Vanity Fair interviewed my team to understand the story behind the discovery of Trident, the three zero-day vulnerabilities used to remotely jailbreak iOS devices, and Pegasus, the spyware that used these vulnerabilities to exploit targeted individuals.
Lookout (and our partners at Citizen Lab) analyzed Pegasus and Trident in August, leading to one of the largest threat discoveries in mobile security to date. The article offers an in-depth look into the kind of threats that are proliferating against mobile devices.
A breakdown of the article:
- The story starts out with a picture of the moment we realized Pegasus was a real problem attacking a real person.
- It details the history of the threats that set the stage for today’s risk landscape.
- Then, it explains the stages of the attack, and the research into three critical zero-day vulnerabilities.
- Finally, the story finishes with a word on attack sophistication. I call it a “James Bond story.”
The confidentiality of your corporate data is at risk from targeted, sophisticated attacks against mobile devices and it has been for a few years now. This isn’t just high-level nation-state attackers. These tools are available to anyone with a few hundred grand to spend.
Of course, you likely haven’t seen an attack like this against your mobile infrastructure. Unless you’re already a Lookout customer, you don’t have controls in place to give you the visibility to know if you had. Your enterprise security strategy probably relies heavily on intelligence from your laptop & desktop endpoints, but few enterprises have comparable visibility into threats attacking their mobile endpoints.
If you want to know more about how you can remove those blind spots and protect against the rapidly evolving mobile threat environment, contact Lookout today.
Book a personalized, no-pressure demo today to learn:
- How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
- Real-world examples of phishing and app threats that have compromised organizations
- How an integrated endpoint-to-cloud security platform can detect threats and protect your organization