Mobile phones are like computers these days. So if you can do with a phone what could only be done on a computer before, then hackers can to.
Mobile phones have become more vulnerable to traditional computer menaces like hackers and viruses. Russian anti-virus company Kaspersky Lab has reported on a new malicious program that stole money by taking over Nokia phones and making small charges to the owners’ wireless accounts. Recently, an Australian student created a worm that spread through “jailbroken” (altered to run software Apple has not authorized) iPhones. The worm did not cause any damage, it uploaded a photo of ’80s pop star Rick Astley. To security experts, this suggested that cyber attacks on iPhones are possible. Where there are security threats, there are always money-hungry cyber crooks looking to capitalize on the innocent.
Earlier in December, Khosla Ventures, a prominent Silicon Valley venture capital firm, led an investment group that injected $5.5 million into a fledgling security start-up called Lookout. Lookout is set to introduce security applications for the BlackBerry and iPhone after testing security software for phones running the Windows Mobile and Android operating systems. The software protects phones against rogue programs and gives phone owners the ability to remotely back up and erase the data on their phones.
A basic version of the software is free, while the company plans to charge a monthly subscription for a version with more features. It feels a lot like it did in 1999 in desktop security, according to John Hering, Lookout’s 26-year-old chief executive, who for years has done research demonstrating security vulnerabilities in phones. Hering says people are using the mobile Web and downloading applications more than ever before and there are threats that come with that.
Lookout represents the latest attempt to build a new business that capitalizes on the surge of smartphones. Thousands of companies making mobile games, shopping tools and other programs have sprung up in the last two years as the iPhone, in particular, has taken off. Lookout and its investors believe this is the right time to get into the market. The rules of mobile are different, says Vinod Khosla, founder of Khosla Ventures, which also recently invested in Square, a mobile payments start-up. He says phones are people’s most personal computer, and needs to be protected.
Companies like Research In Motion, who made the BlackBerry, and Good Technology, a Silicon Valley-based mobile messaging firm, already offer mobile security tools, but their systems are aimed at businesses. Security firms like Symantec also have mobile security divisions, and a five-year-old company, Trust Digital, based in McLean, Va., has set its sights on this market.
Lookout says it can address the unique challenges of protecting cellphones, like preserving battery life. While the company will not give details, it says it has figured out how to get its software to work on the iPhone, which does not allow non-Apple programs to operate in the background, as security software typically does. Hering and his co-founder, Kevin Mahaffey, have been publicly demonstrating the weaknesses of mobile phones for some time.
In 2005, they camped outside the Academy Awards ceremony in Hollywood and scanned the phones of stars walking the red carpet, using a short-range Bluetooth wireless connection. They found that as many as 100 of the phones were vulnerable to hacking over such a connection. That year, at the Black Hat security conference in Las Vegas, they hacked into a phone over a mile away using Bluetooth.
Lookout’s founders and backers concede that for now, snoops and bad guys pose much less of a threat to cellphones than to PCs. But they believe there is an immediate need for software that preserves and protects a phone’s data, from email to corporate information, and they say current systems do not work when a family or business has multiple types of cellphones on various wireless networks. For instance, a small business could install the Lookout software on many different types of devices, back up all the data and remotely erase a phone if, say, an employee leaves it in a cab.
Jeff Moss, a security expert and organizer of the Black Hat conference, said mobile security had historically been a solution in search of a problem. But he said that mobile viruses had recently become more common in Asia. His own Nokia N97 phone even caught a bug recently, but the software he was running from F-Secure, a Finnish security company, caught it in time. Moss says the tipping point will be when we start using phone to shop and conduct banking, because the more we do with a phone, the more valuable a target it will become.