Sprint Nextel is partnering with Lookout Mobile Security to help protect the personal information that the carrier's Android-based smartphone and media-tablet users store on their mobile devices. The goal is to protect mobile users from privacy invasions, identity theft, and financial fraud.
Lookout recently added a new safe-browsing feature to the premium edition of its mobile-security app that examines every web site in real time to verify its authenticity and alerts the user if it detects any phishing attempts or unsafe sites, according to Lookout Mobile Security CEO John Hering.
"Safe Browsing leverages our global threat-detection network that already protects millions of users from malicious apps," Hering said Wednesday. "By extending protection with safe browsing, mobile consumers can feel safe surfing the web, accessing e-mail and entering other personal information on their mobile device."
Emerging Mobile Threats
Lookout's free trial app will block viruses, malware and spyware as well as pinpoint the exact location of a lost or stolen phone on a map. Sprint customers can download the app from Android Market by clicking on Lookout Mobile Security within Sprint Zone or the Sprint tab in the Android Market.
In addition to the new safe-browsing feature, the premium edition of Lookout's app combines privacy protection with the capability to remotely lock and wipe a device, as well as back up and restore personal contacts, photos and call history from secure cloud-based storage.
Malware and phishing are threats that users should be concerned about, but so far Forrester Research hasn't seen many widespread incidents -- barring the Droid Dream attack last March that affected 260,000 Android phones, noted Forrester Vice President Chenxi Wang. "We do anticipate more phishing apps to occur as more and more transactional sites are becoming mobile-ready," Wang said.
Researchers at the University of California, Berkeley, believe mobile users are more vulnerable to phishing attacks because users have become accustomed to entering their passwords in familiar, repeated settings. "If users frequently encounter legitimate links whose targets prompt them for private data, then users will become conditioned to reflexively supply the requested data," explained Adrienne Porter Felt and David Wagner. "Forty percent of smartphone users enter passwords into their phones at least once a day."
Enterprise Advice
The Sprint-Lookout deal is designed to protect users' private information, whereas the subject of the UC Berkeley study is app spoofing -- the method behind the Droid Dream episode last March, Wang observed. So the two types of attacks on mobile phones are related but different, he said
"Lookout has this app called privacy adviser, which audits which apps are accessing and transmitting users' private information," Wang explained. "Lookout's solution may be able to detect rooting malware, but would do very little for the phishing scenario [presented in the UC Berkeley study], I believe, because the user credential, such as log-in information for a bank, is not the type of private information Lookout audits."
Enterprises will need to implement measures to protect against emerging mobile threats, such as managing mobile endpoints in the same manner that they would manage traditional PC endpoints -- meaning whatever protection they have on the PC endpoints should be replicated on the mobile endpoints, Wang advised.
"For example, if you encrypt PCs, you should encrypt mobile phones and tablets," Wang said. "If you run AV on the PC endpoints, you should expect to have some form of antivirus/malware capabilities on mobile endpoints at some point in the near future."
