Business Report

Looking Out for Mobile Data

Three hackers seeking to improve smart-phone security decided to forge their own path. Now their company boasts 10 million users.

In 2004, three students at the University of Southern California shook up the world of mobile phones. The three hackers—John Hering, Kevin Mahaffey, and James Burgess—found a vulnerability in certain Nokia cell phones’ Bluetooth connection to wireless headsets, which could let eavesdroppers listen in on phone calls. But, according to Hering, Mahaffey, and Burgess, Nokia didn’t take the problem seriously because Bluetooth communications have such a short range—generally about 30 feet. To drive home that the flaw needed fixing, the trio created a rig to sniff signals from more than a mile away. They mounted the hardware on a rifle stock, dubbed their contraption the “BlueSniper rifle,” and demonstrated it at the Defcon security conference that year.

Lookout: Mobile Security’s Kevin Mahaffey (left) and John Hering (right) show off their “BlueSniper rifle,” which helped them establish a reputation in mobile security. Hering serves as Lookout’s CEO; Mahaffey is CTO.

“It was our belief that these devices would become the future of computing at some point and that software and software vulnerabilities were a big deal,” Hering says now. “And our goal was to change the mindset of those people tasked with building the software.”

Hering and his partners are continuing to forge their own path in the emerging field of mobile security with the company they founded in 2007, now called Lookout Mobile Security. Traditional computer-security companies, which sell subscriptions for software intended to protect PCs from spyware and viruses, have been predicting for years that similar scourges will soon begin to infect mobile phones. But malware on smart phones is not a significant problem yet, as the Lookout team realized. So instead they focused on helping consumers secure their devices in other ways. The Lookout app allows data on a phone to be managed remotely, for example, or it can locate a lost or stolen phone. The app (which is available on Android, BlackBerry, and Windows Mobile phones) also lets people oversee the other applications on their phones according to specific security criteria, such as which programs use the phone’s location data. “We decided to build a software product,” says Mahaffey, who serves as chief technology officer. “We did not want to sell through fear.”

The basic version of the app is free; Lookout makes money by selling a premium version. The company says its software has 10 million users; a “low single-digit” percentage of them pay for the premium version. Lookout itself employs 55 people and has raised $36.5 million in funding.

The company has focused on details such as streamlining the user interface of its app, and developed it expressly for mobile devices, rather than retrofitting business-computer software, says Chenxi Wang, vice president and principal analyst at Forrester Research. “What Lookout has done, which is remarkably simple but somehow has eluded the other vendors, is the fact they’ve designed their products for the iPhone-age consumers,” she says.

Although antivirus companies such as McAfee continue to warn that malware is a potential threat to smart phones, it has yet to become a huge problem. In fact, some security researchers argue, it should never be a problem, because of differences between the mobile and PC platforms. Applications for Apple’s iPhone, for example, all come from the App Store. Phones that use Google’s Android can download software from anywhere, but Google is able to remove programs remotely. “If we really need antivirus on current smart phones, something really went wrong,” says Collin Mulliner, a PhD student at the Technical University of Berlin, who knows Hering and Mahaffey from their Bluetooth research days.

Attackers are, however, starting to exploit the particular weaknesses of smart phones, and Lookout has to regularly update its service to detect the latest known threats. In February, a Trojan horse known as DroidDream infected hundreds of thousands of Android phones. Lookout detected other programs in the Android app marketplace with the same malicious code and notified Google. In May, the same attacker tried again with a simpler version, known as DDLite, and Lookout blocked it again.

Despite the battle between malware writers and companies like Lookout, the problem of malware is a sideshow compared to the bigger problem of device management, says Andrew Jaquith, chief technology officer of Perimeter E-Security and a former analyst who covered the mobile market. “In the end, it is management that is wagging the dog, not security,” Jaquith says. “And in that space, in terms of implementation, there’s Lookout and then there’s everyone else.”

Next in this Business Report
Securing Data

In June, Business Impact will show why information security isn’t an issue only the IT department needs to worry about. We’ll explore why companies still struggle to secure data—from theft or loss—even after all the attention given to costly data breaches and hacking attacks. We’ll analyze fresh ideas for improving security in the cloud and on mobile devices and explain what smart companies are doing.
