Is this app the answer to account hijacking? LogDog launches on Google Play

Monitors online accounts for suspicious activity

Orange-backed Israeli startup LogDog has launched a new smartphone app it believes offers a way for users of services such as Gmail and Twitter to secure these accounts against hijacking by monitoring unauthorised access.

Described as being like "anti-virus for online accounts," the concept is so simple it surprising it's not been tried on any scale before. Today's monitoring services tend to be provided by and tied to specific services but LogDog works across different accounts including Gmail, Twitter, Facebook, Dropbox, Evernote, LinkedIn, Instagram and Yahoo.

After downloading the Android app (an iOS version is in development), account holders enter their credentials for each service (these are not transferred to LogDog), after which it monitors that account for unusual behaviour every few minutes. If it detects something suspicious it alerts the user via the app itself.

What trips its sensors? Unusual patterns might include access from a country or IP address not part of the user's profile as well as access from an unknown device or browser. It will also notice if there is a mismatch between the location of the smartphone running the app and the desktop used or if the account starts sending lots of email.

Alerted users are guided through a process (which we didn't test) to recover their account. Some false positives seem inevitable with this kind of service but over time a usage pattern should become established.

"Recent headlines highlighting the vulnerability of online information reinforces the importance of being proactive about guarding online accounts with tools that go beyond what big service providers can do," said LogDog founder and CEO, Uri Brison.

"LogDog is about putting control back in users hands and giving them the knowledge and power to protect their own information before major damage is done."

For this type of protection to work well, quick reaction is essential. If the takeover happens when a user is asleep or parted from their smartphone or computer, attackers have more time to change defaults. A recent Google study of manual account takeovers noted that most of the damage from the worst hijacks happen with 30 minutes of a breach.

Another limitation is the range of accounts that can be protected, which currently doesn't include Microsoft. The list of services will expand in time, the firm said.

On the other side, even if one account falls, LogDog could be used to slow or stop what are called 'rolling attacks' where hackers breach one account and then try the same password and user name on many others.

As innovative and potentially useful as LogDog appears, life in the free zone of mobile apps is harsh. Users take sometimes complex services for granted and are merciless when it comes to picking on any flaws they find. Time will tell for LogDog, but another security startup has lift-off.

Join the CSO newsletter!

Error: Please check your email address.

Tags EvernoteInstagramdropboxsecurityLinkedIntwitterorangeinternetFacebookYahoo

More about DropboxEvernoteFacebookGoogleMicrosoftOrangeYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E. Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place