The co-founders of a cellphone security company, Lookout: Kevin Mahaffey, left, James Burgess, center, and John Hering.
Last month, an Australian student created an experimental worm that hopscotched across “jailbroken” iPhones, which are phones altered to run software Apple has not authorized. The mischievous worm did not cause any damage; it just installed a photo of the ’80s pop star Rick Astley. But to security experts, it suggested that pernicious attacks on iPhones are possible.
Where there are perceived security threats, there are always entrepreneurs and investors looking to capitalize on them — and build profitable businesses. This month Khosla Ventures, a prominent Silicon Valley venture capital firm, led an investment group that injected $5.5 million into a fledgling security start-up called Lookout.
Lookout, based in San Francisco, was previously a consulting firm called Flexilis run by recent graduates of the University of Southern California. Now it wants to be the security giant of the mobile world, similar to the role Symantec plays in the PC market.
This year, Lookout began testing security software for phones running the Windows Mobile and Android operating systems, and it will soon introduce security applications for the BlackBerry and iPhone. The software protects phones against rogue programs and gives phone owners the ability to remotely back up and erase the data on their phones. It also lets them track the location of their handset on the Web.
A basic version of the software is free, while the company plans to charge a monthly subscription for a version with more features.
“It feels a lot like it did in 1999 in desktop security,” said John Hering, Lookout’s 26-year-old chief executive, who for years has done research demonstrating security vulnerabilities in phones. “People are using the mobile Web and downloading applications more than ever before, and there are threats that come with that.”
Lookout represents the latest attempt to build a new business that capitalizes on the surge of smartphones. Thousands of companies making mobile games, shopping tools and other programs have sprung up in the last two years as the iPhone in particular has taken off. Lookout and its investors believe this is the right time to get into the market.
“The rules of mobile are different,” said Vinod Khosla, founder of Khosla Ventures, which also recently invested in Square, a mobile payments start-up. “This is people’s most personal computer, and it needs to be protected.”
Companies like Research In Motion, maker of the BlackBerry, and Good Technology, a Silicon Valley-based mobile messaging firm, already offer mobile security tools, but their systems are aimed at businesses. Security firms like Symantec also have mobile security divisions, and a five-year-old company, Trust Digital, based in McLean, Va., has set its sights on this market.
Lookout says it can address the unique challenges of protecting cellphones, like preserving battery life. While the company will not give details, it says it has figured out how to get its software to work on the iPhone, which does not allow non-Apple programs to operate in the background, as security software typically does.
Mr. Hering and his co-founder, Kevin Mahaffey, 25, have been publicly demonstrating the weaknesses of mobile phones for some time. In 2005, they camped outside the Academy Awards ceremony in Hollywood and scanned the phones of stars walking the red carpet, using a short-range Bluetooth wireless connection. They found that as many as 100 of the phones were vulnerable to hacking over such a connection.
That year, at the Black Hat security conference in Las Vegas, they hacked into a phone over a mile away using Bluetooth.
Lookout’s founders and backers concede that for now, snoops and bad guys pose much less of a threat to cellphones than to PCs. But they believe there is an immediate need for software that preserves and protects a phone’s data, from e-mail to corporate information, and they say current systems do not work when a family or business has multiple types of cellphones on various wireless networks.
For instance, a small business could install the Lookout software on many different types of devices, back up all the data and remotely erase a phone if, say, an employee leaves it in a cab.
Jeff Moss, a security expert and organizer of the Black Hat conference, said mobile security had historically “been a solution in search of a problem.” But he said mobile viruses had recently become more common in Asia. His own Nokia N97 phone even caught a bug recently, though software he was running from F-Secure, a Finnish security company, caught it in time.
“The tipping point will be when we’re using the phone to shop and conduct banking,” Mr. Moss said. “The more you do with the phone, the more valuable a target it becomes.”