The red carpet at the 2005 Academy Awards: Hollywood royalty wearing Versace ball gowns and Dolce & Gabbana tuxedos parade in front of an endless sea of camera flashes and handheld microphones with reporters asking, “Who are you wearing?” and “Who do you think will win for best actress? Reese Witherspoon or Judi Dench?”
Across the street from the Oscar hubbub, three USC students armed with a high-powered Bluetooth antenna scanned all the mobile phones within range to find those vulnerable to being hacked. They wanted to show that even powerful celebrities’ phones had a bug that allowed unauthorized Bluetooth devices to access them.
Kevin Mahaffey (BS EE ’07), John Hering and James Burgess performed this stunt not to actually hack into Brad Pitt’s or other celebrities’ phones, but to help keep that from happening.
When they discovered their first security gap, a flaw in a Nokia 6310i phone that allowed unauthorized Bluetooth access, they acted as responsible security researchers and disclosed the bug to Nokia. But to their surprise, Nokia declined to fix the security flaw, claiming that Bluetooth only had a range of 100 meters, so the problem was not worth fixing.
But the trio had already dispelled that myth a year earlier when the team went to the Santa Monica Pier with a device called the Blue Sniper, a powerful Bluetooth antenna gun. With this, they demonstrated that they had the ability to hack into a cellphone from just over a mile away.
There is a bargain in security research between vendors and researchers: if a researcher reports an issue to a vendor and the vendor fixes it, the researcher does not disclose the vulnerability to the public until everything is fixed. However, as Mahaffey explained, “If you do not fix your vulnerability, the researchers get to give a talk at DEF CON, the world’s largest hacker conference.”
And DEF CON is an interesting venue for researchers concerned with mobile security. At this hacker conference, no one dares use the WiFi, as “DEF CON has the most hostile wireless network on the planet,” Mahaffey explained. This means the leading minds in computer programming and hacking switch gears entirely and take notes with pencil and paper.
[Photo: USC Viterbi alumnus Kevin Mahaffey (far right) with fellow Trojans and Lookout co-founders James Burgess and John Hering]
In 2007, Mahaffey, Hering and Burgess started Lookout, a mobile security company, in downtown Los Angeles and began making software to keep cellphones safe. This all transpired before the release of the iPhone and the subsequent wave of smartphones, so Lookout was ahead of its time. “The rest of the software world was building Facebook apps. We were this weird company doing cybersecurity in Los Angeles,” Mahaffey, the firm’s chief technology officer, said.
But things sure have changed. Lookout went from filling an unknown niche in 2007 to serving 45 million users worldwide today.
Lookout works on iPhones, Android devices and Kindles. It keeps these handheld computers secure by scanning apps to make sure they’re safe to download, blocking malicious websites and protecting them from destructive software. If your device is lost or stolen, Lookout enables you to locate it on a map and send instructions for the device to make a loud sound, which will better allow you to locate it. If the phone or tablet cannot be recovered, Lookout can lock the device or wipe your personal data from it remotely.
Looking into the future, Mahaffey acknowledges the possibility of a world where we are increasingly connected to our devices and each other via insecure networks that can be hacked with disastrous consequences. But he wants to help keep that from happening.
“The alternative is a world where all of this technology can be used to make the world more efficient, to help education, to help bring people out of poverty, to help bring access to completely new technologies and products that never could have been built before. And our goal is to make sure that as the world gets more connected, it gets more secure instead of less secure.”
Mahaffey’s love of computer programming began in third grade when a fellow student showed him the basic terminal window on an Apple IIe computer. “I fell in love. You can type things in, and the computer does what you want it to? This is amazing!”
Years later, Mahaffey came to the USC Viterbi School of Engineering to study electrical engineering. Even as an undergraduate, Mahaffey had the entrepreneurial spirit.
“One of the things that attracted me to USC is that it’s one of the top entrepreneurial schools in the world. What I loved about it was that it was a very great technical education, but it also had a great social and interpersonal education while being entrepreneurial at the same time. It’s truly a great place for people choosing to go that path in life.”