SAN FRANCISCO--, John Hering and Kevin Mahaffey demonstrated an SMS attack targeting a variety of smartphones at a security show. This week they are launching a company, with backing from some heavyweight investors, that will offer a fix for that problem, as well as protect smartphones from many other security issues.
Lookout has received $5.5 million in Series A funding from Khosla Ventures, Trilogy Partnership, and angel investors including Phil Paul, founder of Paul Capital Partners; Chris Sacca, former head of special initiatives at Google; and Joseph Ansanelli, former chief executive of Vontu.
Lookout is a cross-platform, Internet-connected application that offers advanced security and backup services, as well as the ability to locate devices that go missing or get stolen, and over-the-air management capabilities. The service is currently in private beta in more than 170 countries across 400 mobile networks, Hering, Lookout's chief executive, said in an interview.
It will be offered publicly on a subscription basis in early 2010 and an enterprise version will come later in 2010 or early 2011, he said. Pricing will be announced later.
Hering, Mahaffey, and the third co-founder, James Burgess, all met while attending the University of Southern California, and have honed their skills in the mobile space over the past five years, initially calling the company Flexilis.
They conducted research, helped handset makers with diagnostic tools, and discovered vulnerabilities in mobile devices and software--including uncovering a serious hole in the iPhone's implementation of Bluetooth in 2007 and hitting a world record by hacking a mobile phone from more than a mile away via Bluetooth in 2004.
With the funding and name change comes a move to San Francisco from Orange County in Southern California. The twentysomething executives were busy interviewing prospective employees in their sparse, new offices in the South of Market area in San Francisco. They have taken over part of the offices formerly occupied by Twitter.
"Hopefully, the Twitter luck will rub off on us," Hering said, as he gave a tour of the digs.
The Lookout software is downloaded to the device and gets updates and backs up data in real-time via Lookout servers in the cloud. Antivirus and firewall software protects against electronic threats such as hackers, malware, and spyware. A dashboard allows for easy management of multiple devices.
Security veterans like Symantec and McAfee, as well as a host of smaller companies, are quickly moving into the mobile security space. But Hering isn't worried.
"Other companies offer a more PC-based approach," he said. "We're protecting the device and data, and we're multi-platform."
Lookout silently blocks malware in the background, but particularly serious threats prompt a notification to the user. The software also will protect against bad or unauthorized apps that might be downloaded, and attacks attempted via Wi-Fi or Bluetooth.
The missing device locator function will most definitely attract attention. If the device is lost, the owner can use the Web app to make it "scream," and a truly obnoxiously loud siren will sound that will annoy everyone within earshot. If the device is set to silent or mute mode, the scream feature overrides that.
For people who think their device may have been stolen and want to track it down, there is a nifty way to trace it via an online map. Device owners can pull up the Find My Device Web app to see the approximate location of the device on a map, and either lock the device so no one can use it or access the data, or wipe the data entirely. If the device is recovered, the data is easily restored. A combination of Global Positioning System, cell tower, and Wi-Fi technology is used to track the devices.
For backup and recovery purposes, the data and settings on the device can be set to what they were at any point of time in the past, and data can be transferred to other devices.
As phones become increasingly powerful computers and storage devices that accompany users everywhere, they become even more attractive targets for attackers and thieves.
"Smartphones are the next computing platform," Hering said. "Ultimately, I think this will be the primary platform. It's in my pocket, and goes everywhere with me. There are not many computing devices that have that power and personal connection."