With phones doing more, perils grow

Security market gears up for virus, hacking surge

— Mobile phones are becoming ever more like personal computers. That means they are also becoming more vulnerable to traditional computer menaces like hackers and viruses.

This year, the Russian antivirus company Kaspersky Lab reported on a new malicious program that stole money by taking over Nokia phones and making small charges to the owners’ wireless accounts.

Last month, an Australian student created an experimental worm that hopscotched across “jailbroken” iPhones, which are phones altered to run software Apple has not authorized. The mischievous worm did not cause any damage, it just installed a photo of the ’80s pop star Rick Astley. But to security experts, it suggested that pernicious attacks on iPhones are possible.

Where there are perceived security threats, there are always entrepreneurs and investors looking to capitalize on them - and build profitable businesses. This month Khosla Ventures, a prominent Silicon Valley venture capital firm, led an investment group that injected $5.5 million into a fledgling security startup called Lookout.

Lookout, based in San Francisco, was previously a consulting firm called Flexilis run by recent graduates of the University of Southern California. Now it wants to be the security giant of the mobile world, similar to the role Symantec plays in the PC market.

This year, Lookout began testing security software for phones running the Windows Mobile and Android operating systems, and it will soon introduce security applications for the BlackBerry and iPhone. The software protects phones against rogue programs and gives phone owners the ability to remotely back up and erase the data on their phones. It also lets them track the location of their handsets on the Web.

A basic version of the software is free, while the company plans to charge a monthly subscription for a version with more features.

“It feels a lot like it did in 1999 in desktop security,” said John Hering, Lookout’s 26-year-old chief executive, who for years has done research demonstrating security vulnerabilities in phones. “People are using the mobile Web and downloading applications more than ever before, and there are threats that come with that.”

Lookout represents the lat-est attempt to build a business that capitalizes on the surge of smart phones. Thousands of companies making mobile games, shopping tools and other programs have sprung up in the past two years as the iPhone in particular has taken off. Lookout and its investors believe this is the right time to get into the market.

“The rules of mobile are different,” said Vinod Khosla, founder of Khosla Ventures, which also recently invested in Square, a mobile payments startup. “This is people’s most personal computer, and it needs to be protected.”

Companies like Research In Motion, maker of the Black-Berry, and Good Technology, a Silicon Valley-based mobile messaging firm, already offer mobile security tools, but their systems are aimed at businesses. Security firms like Symantec also have mobile security divisions, and a 5-year old company, Trust Digital,based in McLean, Va., has set its sights on this market.

Lookout says it can address the unique challenges of protecting cell phones, like preserving battery life. While the company will not give details, it says it has figured out how to get its software to work on the iPhone, which does not allow non-Apple programs to operate in the background, as security software typically does.

Hering and his co-founder, Kevin Mahaffey, 25, have been publicly demonstrating the weaknesses of mobile phones for some time. In 2005, they camped outside the Academy Awards ceremony in Hollywood and scanned the phones of stars walking the red carpet, using a short-range Bluetooth wireless connection. They found that as many as 100 of the phones were vulnerable to hacking over such a connection.

That year, at the Black Hat security conference in Las Vegas, they hacked into a phone more than a mile away using Bluetooth.

Lookout’s founders and backers concede that for now, snoops and bad guys pose much less of a threat to cell phones than to PCs. But they believe there is an immediate need for software that preserves and protects a phone’s data, from e-mail to corporate information, and they say current systems do not work when a family or business has multiple types of cell phones on various wireless networks.

For instance, a small business could install the Lookout software on many different types of devices, back up all the data and remotely erase a phone if, say, an employee leaves it in a cab.

Jeff Moss, a security expert and organizer of the Black Hat conference, said mobile security had historically “been a solution in search of a problem.” But he said mobile viruses had recently become more common in Asia. His own Nokia N97 phone caught a bug recently, though software he was running from F-Secure, a Finnish security company, caught it in time.

Business, Pages 19 on 12/28/2009

Upcoming Events