
Smartphone Security Startup Offers Free Beta

Product to mix lightweight mobile client with cloud-based security, backup, and anti-theft features

A new security startup officially launched today that plans to offer an Internet security suite for smartphones by blending a lightweight client and the cloud.

Lookout received $5.5 million in a Series A round of funding from Khosla Ventures, Trilogy Partnership, and angel investors, including Phil Paul, founder of Paul Capital Partners; Chris Sacca, former head of special initiatives at Google; and Joseph Ansanelli, former CEO and co-founder of Vontu.

"It's no longer about just the computer on your desk; there's a computer in your pocket," says John Hering, co-founder of Lookout, formerly Flexilis, a mobile and wireless security R&D firm. "And it comes with a host of security challenges. After spending a lot of time researching the problem, we decided to go ahead and develop the software to tackle it."

Lookout is currently beta-testing its first product, a consumer offering that combines blacklisting and whitelisting for protection against malware and malicious applications with a firewall and IDS, data backup and recovery, phone management, and a way for mobile users to locate and protect smartphones that have gone missing. Hering says it pairs a lightweight client with a cloud-based service to eliminate the performance and other issues that, for instance, drag down PCs.

"This software is cross-platform and is cloud-connected. It protects you from threats like malware, spyware, attacks, and hackers, and protects data itself because we back it up into a secure server," Hering says. "We also protect the device, including 'wiping' it if you can't recover it. And it's all wrapped up in a way that you can manage the device over the air from a Web application."

Lookout is currently offering a beta of the software via a free download for Windows Mobile, Android, iPhone, and BlackBerry. The company plans a full rollout in early 2010 for all platforms, followed by an enterprise version of the software in late 2010 or early 2011.

Security experts say Lookout has come up with a novel approach for locking down smartphones, which increasingly are becoming attractive targets for the bad guys.

"Mobile security isn't about putting old concepts on new devices. It's about rethinking the idea of security and what it means for mobile phones," says Robert Graham, CEO of Errata Security.

Graham says the big difference with Lookout's approach versus the mobile antivirus offerings from AV vendors is that it treats viruses differently and addresses more likely mobile threats. "For example, more people will lose their phones in the next year than will catch a virus. These guys have a solution to that problem -- AV companies don't," Graham says.

Lookout's Hering says his company's product doesn't take the traditional PC anti-malware approach. "Ours protects against the threats facing mobile devices," he says. But he expects to go head-to-head with the big AV vendors, like Symantec and McAfee, in this emerging smartphone security market.

As for whether consumers are ready to get serious about smartphone security yet, Hering says they're starting to realize these devices are basically computers. "Smartphones are mini PCs and need to be protected like your desktop is," he says. "Users are browsing the mobile Internet, downloading apps. Now they are downloading more on their phone than on their computers."

While most attacks on smartphones thus far have been proof-of-concepts or relatively harmless and not widespread, Hering says all that will soon change. The difference will be that smartphone attacks will begin at the applications, and then from the mobile Web, he says. "And of course we'll continue to have easily lost [devices]," he notes.

Lookout's enterprise product will have much of the same core security features and technologies, but with more management capabilities and advanced security policies and functions, he says. "Our focus is security, and we will likely interact closely with other mobile device management technologies," he says.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
