Mobile Hacking Sets Off Security Gold Rush

By Leila Abboud and Marie Mawad

PARIS (Reuters) - Hackers are increasingly aiming attacks at smartphones, touching off a race among software giants, start-ups and telecom operators seeking to cash in on ways to help consumers protect themselves.

As the previously fragmented smartphone market coalesces around big operating systems like Apple's iPhone and Google's Android, it has become a more attractive target for hackers seeking to maximize damage with one hit.

That's creating a big business opportunity for everyone from traditional antivirus players like Intel's McAfee to mobile operators like France Telecom and handset makers like Nokia.

Market research firm Infonetics forecasts sales of mobile security software will grow 50 percent a year through 2014 to hit $2 billion.

"The mobile security market will one day be bigger than that of computers," Neil Rimer, co-founder of Geneva-based fund Index Ventures, said at the Reuters Global Technology Summit. "It's a no-brainer that people will pay to protect their devices, and the market will not be owned by one big player."

Rimer's fund has invested in three-year-old start-up Lookout Mobile Security, which has racked up more than 2 million users by selling its software on Google's Android Market and via partnerships with operators like Verizon.

Hackers attack mobiles in a myriad of ways. They can force phones to send hundreds of texts to paying services, steal account information when a person uses their bank website, or make fake phone calls to long distance numbers.

The "app' craze in which people download small bits of software to do everything from play games to search movie times has also opened up new opportunities for cyber-criminals to infect phones.

Unlike Apple, which reviews and approves all the offerings on its App Store, Google's Android Market allows developers to post their apps directly. That more open approach could leave Android more vulnerable to attack, according to security experts.

The first significant security breach hit the Android Market in March when hackers added malicious code, known as a Trojan, to 58 popular apps and quickly infected 250,000 phones. According to a blog post from Google's Android security head, the company was forced to use its 'kill switch' to remotely erase the apps from users' phones and issued an update to its Android Market to patch the hole the hackers exploited.

A recent study by telecom gear maker Juniper Networks found a fourfold increase in malware targeted at Android's operating system from June last year through January, while overall mobile attacks more than doubled.

"We've seen issues on all platforms, Nokia's Symbian, Apple's iOS and Android," said John Hering, Lookout's founder.

Some industry executives believe that the creators of operating systems bear much of the responsibility to safeguard smartphones.

"The platform itself needs to provide a sufficient level of security then we can help with software," said Florian Seiche, who heads the European region for Taiwanese smartphone maker HTC.

Meanwhile telecom operators are also trying to take a piece of the mobile security pie. Some 40 telecom operators including Vodafone and TeliaSonera have signed deals with mobile security specialist F-Secure to offer anti-virus software and anti-theft protections to smartphone customers.

"Operators are very interested in offering security as a service to their customers as a way to generate revenue and promote customer retention," explained Sean Obrey, F-Secure's head of operator business development.

These packages can cost anywhere from 5 to 10 euros a month, said Obrey.

Eric Edelstein, head of Internet and mobile security at France Telecom said the group was tailoring its mobile security products and services to its different markets.

The group, which markets its services under the brand name Orange, pre-packages security software on some smartphones in Britain, sends text messages to users with infected phones in Poland, and offers security services to its French customers for 3 to 9 euros a month.

But some think it will take a major virus or worm on mobiles before consumers will be willing to pay extra for security protection on their phones as they do on their personal computers.

"When you start asking them what's your willingness to pay for a solution, if they're not a little frightened, their willingness to pay is nothing," said John Stankey, the head of AT&T's enterprise business.

AT&T plans to start marketing a security offering to consumers next year, Stankey said at the Reuters summit.

"It'll take a little time for this to go mass market."

(Additional reporting by Sinead Carew; Editing by Hans Peters)

Copyright 2011 Thomson Reuters. Click for Restrictions