Orange-backed Israeli startup LogDog has launched a new smartphone app it believes offers a way for users of services such as Gmail and Twitter to secure these accounts against hijacking by monitoring unauthorised access.
Described as being like "anti-virus for online accounts," the concept is so simple it is surprising it has not been tried on any scale before. Today's monitoring services tend to be provided by and tied to specific services, but LogDog works across different accounts including Gmail, Twitter, Facebook, Dropbox, Evernote, LinkedIn, Instagram and Yahoo.
After downloading the Android app (an iOS version is in development), account holders enter their credentials for each service (these are not transferred to LogDog), after which it monitors that account for unusual behaviour every few minutes. If it detects something suspicious it alerts the user via the app itself.
What trips its sensors? Unusual patterns might include access from a country or IP address not part of the user's profile as well as access from an unknown device or browser. It will also notice if there is a mismatch between the location of the smartphone running the app and the desktop used or if the account starts sending lots of email.
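The signals listed above amount to checks against a stored per-account profile. The following Python is an added example, not LogDog's code: the `Profile` and `Event` records, the 20-message ceiling and the 10-minute window are assumptions, and it checks country rather than individual IP addresses.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Profile:                      # hypothetical per-account baseline
    countries: set                  # countries seen in past legitimate logins
    devices: set                    # device/browser labels seen before
    phone_country: str              # where the phone running the monitor is now
    max_sends: int = 20             # assumed ceiling on messages per window

@dataclass
class Event:                        # hypothetical normalised activity record
    ts: datetime
    kind: str                       # "login" or "send"
    country: str = ""
    device: str = ""

def check(profile, events, window=timedelta(minutes=10)):
    """Return (timestamp, reason) alerts for activity outside the profile."""
    alerts, recent_sends = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "login":
            if ev.country not in profile.countries:
                alerts.append((ev.ts, "new_country"))
            if ev.device not in profile.devices:
                alerts.append((ev.ts, "new_device"))
            if ev.country != profile.phone_country:
                alerts.append((ev.ts, "phone_location_mismatch"))
        elif ev.kind == "send":
            # Sliding window: keep only sends newer than `window`.
            recent_sends = [t for t in recent_sends if ev.ts - t < window]
            recent_sends.append(ev.ts)
            # Alert once, at the moment the ceiling is crossed.
            if len(recent_sends) == profile.max_sends + 1:
                alerts.append((ev.ts, "send_burst"))
    return alerts

# Constructed sample data, not real account activity.
T0 = datetime(2015, 1, 1, 9, 0)
PROFILE = Profile({"GB"}, {"firefox-laptop"}, phone_country="GB")
EVENTS = [Event(T0, "login", "GB", "firefox-laptop"),
          Event(T0 + timedelta(hours=3), "login", "BR", "unknown-browser")]
EVENTS += [Event(T0 + timedelta(hours=3, seconds=10 * i), "send")
           for i in range(1, 26)]

if __name__ == "__main__":
    for ts, reason in check(PROFILE, EVENTS):
        print(ts.isoformat(), reason)
```

The first login matches the profile and raises nothing; the second trips all three login checks, and the burst alert fires once, on the 21st message inside the window.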
Alerted users are guided through a process (which we didn't test) to recover their account. Some false positives seem inevitable with this kind of service but over time a usage pattern should become established.
"Recent headlines highlighting the vulnerability of online information reinforce the importance of being proactive about guarding online accounts with tools that go beyond what big service providers can do," said LogDog founder and CEO, Uri Brison.
"LogDog is about putting control back in users' hands and giving them the knowledge and power to protect their own information before major damage is done."
For this type of protection to work well, quick reaction is essential. If the takeover happens when a user is asleep or parted from their smartphone or computer, attackers have more time to change defaults. A recent Google study of manual account takeovers noted that most of the damage from the worst hijacks happens within 30 minutes of a breach.
Another limitation is the range of accounts that can be protected, which currently doesn't include Microsoft. The list of services will expand in time, the firm said.
On the other side, even if one account falls, LogDog could be used to slow or stop what are called 'rolling attacks' where hackers breach one account and then try the same password and user name on many others.
As innovative and potentially useful as LogDog appears, life in the free zone of mobile apps is harsh. Users take sometimes complex services for granted and are merciless when it comes to picking on any flaws they find. Time will tell for LogDog, but another security startup has lift-off.