In 2004, three students at the University of Southern California shook up the world of mobile phones. The three hackers—John Hering, Kevin Mahaffey, and James Burgess—found a vulnerability in certain Nokia cell phones’ Bluetooth connection to wireless headsets, which could let eavesdroppers listen in on phone calls. But, according to Hering, Mahaffey, and Burgess, Nokia didn’t take the problem seriously because Bluetooth communications have such a short range—generally about 30 feet. To drive home that the flaw needed fixing, the trio created a rig to sniff signals from more than a mile away. They mounted the hardware on a rifle stock, dubbed their contraption the “BlueSniper rifle,” and demonstrated it at the Defcon security conference that year.
“It was our belief that these devices would become the future of computing at some point and that software and software vulnerabilities were a big deal,” Hering says now. “And our goal was to change the mindset of those people tasked with building the software.”
Hering and his partners are continuing to forge their own path in the emerging field of mobile security with the company they founded in 2007, now called Lookout Mobile Security. Traditional computer-security companies, which sell subscriptions for software intended to protect PCs from spyware and viruses, have been predicting for years that similar scourges will soon begin to infect mobile phones. But malware on smart phones is not a significant problem yet, as the Lookout team realized. So instead they focused on helping consumers secure their devices in other ways. The Lookout app allows data on a phone to be managed remotely, for example, or it can locate a lost or stolen phone. The app (which is available on Android, BlackBerry, and Windows Mobile phones) also lets people oversee the other applications on their phones according to specific security criteria, such as which programs use the phone’s location data. “We decided to build a software product,” says Mahaffey, who serves as chief technology officer. “We did not want to sell through fear.”
The basic version of the app is free; Lookout makes money by selling a premium version. The company says its software has 10 million users; a “low single-digit” percentage of them pay for the premium version. Lookout itself employs 55 people and has raised $36.5 million in funding.
The company has focused on details such as streamlining the user interface of its app, and developed it expressly for mobile devices, rather than retrofitting business-computer software, says Chenxi Wang, vice president and principal analyst at Forrester Research. “What Lookout has done, which is remarkably simple but somehow has eluded the other vendors, is the fact they’ve designed their products for the iPhone-age consumers,” she says.