About Gavin Kim

Gavin Kim is an experienced business and marketing professional in the mobile industry and is particularly passionate about consumer electronics and innovative technologies that have the opportunity to truly make a positive difference in our lives. In his current role as Vice President and Chief Product Officer with NQ Mobile, Gavin is responsible for product marketing, strategy, and business operations, as well as advancing opportunities with strategic partners and customers around the world. Prior to joining NQ Mobile, Gavin held senior leadership positions at Microsoft, where he served General Manager for Windows Phone Product Marketing, and Samsung, where he was Vice President of Content, Services, and Enterprise Business for Samsung Telecommunications. He has also held senior roles at Advanced Technology Ventures, an early-stage venture fund, where he focused on investments in mobile and media software companies, as well as with Motorola Mobile Devices where he led product operations. Gavin holds an M.B.A from Kellogg School of Management at Northwestern University and a Bachelor’s Degree in engineering from Cornell University. Gavin lives in Dallas with his wife and daughter and enjoys spending downtime with his family and sneaking in a round of golf or two in his spare time.

Why the Smartphone’s Not Dead Yet…neither is the TV nor the PC

Have you read the news? The PC is dead!

It seems that every few months, we read that some technology or another has reached obsolescence. This month, the tech community is aflutter with the news that the PC is dead. Blackberry is failing, Dell is in the dumps, and sales have shown their greatest decline in 20 years.

But obituaries for almost any technology are greatly exaggerated. Music is a good case in point. Ask nearly anyone and they’ll tell you the LP is dead, but the reality is that sales of vinyl records were up 16.3 Percent in 2012 and on their way to another record-setting year. The true story isn’t of death, but of rebirth, and that couldn’t be truer than for today’s independent musicians who have countless options for digitally selling, promoting and distributing their music. It is analogous to what we are seeing with the PC. Has physical music retailing died because artists are selling their songs through Bandcamp or iTunes? Hardly – if anything, it democratizes the selling process for artists.

Browsing for vinyl at Amoeba Records

Jared Kelly via Compfight

PC sales are in decline – that’s true. But I still use a laptop on a daily basis, as do most people I know. Yes, my most recent purchase was a tablet, but there are some tasks that are simply more suitable to a PC. Video editing, graphic design, hard-core gaming, creating presentations, spreadsheets, and even writing are just better on a PC.  Even though I may not carry my laptop with me as much as I used to, that doesn’t mean I don’t need it. And if it breaks, I will buy another.

When you think about it, the PC isn’t dying as much as it is getting a longer life. As prices for components have decreased and the ability to swap out hard drives and update operating systems has increased, there just aren’t as many reasons to buy a new PC. Meanwhile, that tablet I just bought is bound to be outclassed by the-next-big-thing within the few months. Or I may drop it and break the screen. Or it may get stolen.  In fact, I may go through 3 or 4 tablets in the time between now and when I feel the need to replace my PC.

A similar story can be told with smartphones. According to comScore’s latest MobiLens report, The US is now at 55% smartphone penetration. As Henry Blodget explains in depth in an insightful post, once the halfway mark is crossed, we should expect incremental growth to decline, and once the market is saturated, unit growth will flatten. Yes, some people will break their phones or lose their smartphone, and then they’ll need a new one, but the explosion will be over.

Part of the issue is exactly what criteria we use to define the hardware we use. A PC is a personal computer. This is a definition based on functionality. A tablet is flat and has a touch screen. This is a definition based on form factor. As it becomes more common to add keyboards and other peripherals to a tablet, at what point does that tablet cross the line to be considered a personal computer?

Giant tablet is giant

ScaarAT via Compfight

“Smartphone” is hardware defined by its function. It’s called a smartphone because we can make calls on it as well do a host of other things like watch movies, surf the internet and use applications. As the number of things we can do with our smartphones increases, the amount of time we spend using them to actually make calls is decreasing. If I never use my phone as a phone, does it become a tablet? What if I use my tablet to make Skype calls? Is it then just a big smartphone?   And, have you seen the size of the screens on the Samsung Galaxy Note 2  – a phablet?

We can even throw TV – another piece of hardware whose demise has been projected – into the mix.  But as IFC President Evan Shapiro noted:

Once a decade, conventional wisdom decides that television will be killed off by a new technology. The VCR was going to destroy the Television Business. Then the DVD. Next, the DVR was going to ‘ruin the ecosystem.’ Yet, to date, each of those predictions have been, well, wrong. To date, nothing has killed, or even seriously wounded television.

Is TV a function or a form factor? Or is it neither? Most often, when we talk about television, we’re really talking about a service. And that service has evolved remarkably over the years. The current conversation surrounds cord cutting.  50 years ago, when television was broadcast, there weren’t cords to cut.

Television is perhaps the best model for these types of conversations. It’s not the story of one form factor. It’s a story of evolution and innovation, one of building and growing of a complete ecosystem. The actual hardware itself may have gotten the story started, but the history is still being written.

Perhaps the same is true of phones and tablets and PCs. In another 50 years, perhaps none will be gone, we just may not recognize them.

It’s not paranoia if they’re really out to get you


By now, most everyone has heard the story: on April 23rd, the AP’s twitter account was “hacked.” The tweet, which was a fairly obviously fake, still managed to send Wall Street into a panic. The Dow Jones Industrial Average dropped 145 points in 2 minutes.

The media flurry following this recent “attack” centered around the effect of social media on world markets. One little piece of misinformation had the power – albeit incredibly temporary – to spur a stock sell-off and make the dollar tumble.

What hasn’t been widely discussed is that this wasn’t the result of hacking like most people think about hacking. It was the result of carefully executed, targeted phishing campaign, or as it’s now called, “spear phishing.” The offending email looked legit. It didn’t come from a Nigerian prince. It wasn’t full of grammatical errors. Instead, it was a sophisticated message that targeted a specific group of people with a link relevant to them and appearing to come from a colleague. And it was a good enough fake that someone fell for it. And the rest is history.

The Reality of the Threat Landscape

So why is this important? It highlights the reality of the threat landscape.

The week prior to the AP spear-fishing attack, my company, NQ Mobile, released our 2012 and Q1 2013 mobile threat reports. The key takeaways of those reports were:

  • The number of threats is increasing
  • Threats are getting more and more sophisticated
  • Social Engineering tactics are increasingly being leveraged by malware developers
  • One of the main methods of infection is through malicious URLs

The AP Twitter hack gives us a perfect example of where things are headed. And that was executed, we assume, through a PC. Such a threat would be even more difficult to detect from a mobile handset. On a PC, the real URL will generally display when you hover your mouse over it, regardless of the text of the link. On a mobile device, the URL is generally concealed, making this type of scam incredibly easy to fall for.

When mobile security companies such as NQ Mobile release reports of malware discoveries, we often get accused of “fear mongering.” NQ Mobile’s Security Labs includes over 200 security experts. In addition to discovering and breaking apart new forms of mobile malware, our experts investigate key communication and collaboration channels populated by hackers and malware authors. It’s through these inspections that we spot trends or new malware tricks before they can be pushed out to smartphone users around the world.

It’s in these forums, IRCs and newsgroups where NQ Mobile has discovered a troubling trend. While it likely hasn’t affected you, we’re offering the example as proof that these threats are real. Let me introduce you to the “Carder Kids.”

Young hackers, aged 13-20, are using a combination of mobile malware and social engineering to scrape credit card numbers, PayPal logins and other financial data from mobile devices. This information is then sold to “money mules” whose expertise lies in turning “virtual money” into real money.

NQ Mobile’s “Dark Web” experts have been chatting with these carders on underground forums where they buy and re-sell the bricks necessary for their scams. While they are located all over the world, we find a predominance coming from Russia and Eastern Europe domains in particular. Think Anonymous and you get an idea of the structure – there is none. Most don’t have any links to organized crime. Some even have “real” jobs and are just cloning credit cards for extra cash. In fact, most of these young hackers make very little money from carding.

So how does it work? Generally, “getting carded” starts with malware that will pirate a device’s contact book, notes (where people frequently store account data) and SMS data. This data is then used by hackers to socially engineer SMS and email spear phishing scams. When they collect sensitive financial data, it is frequently placed on the open “dark markets” for bidding and/or purchase by the “carders” who then sell the information to the “money mules.”

Money mules are generally older than the “carder kids,” but they have the skills needed to turn virtual money into real cash. They are most interested in account and CVV data along with full card “dump” files. A dump file contains all the data that is stored on your credit card’s magnetic strip. What might surprise you is that the mules actually transfer their financial rewards into legal bank accounts!

Full credit card information, PayPal logins, etc., are bought and sold in underground markets for anything between $2 and $5 each, usually using e-gold for payment. Most of the credit cards are bought by packs.

Then there is what we call “dumping.” This is when a fraudster steals credit or debit card information to commit financial fraud in a person’s name. In most instances this type of data is physically collected rather than through the Internet and or mobile. The card information, for example, can be skimmed almost anywhere and at any time – some of the more popular skimming locations are shops, restaurants, railway stations, gasoline stations and ATM machines. This card information is then sold on the dark market as “dumps.”

The point of the story is that mobile security isn’t just about protecting you from viruses. Threats don’t only come in the form of malicious applications that one inadvertently “sideloads” onto his or her device. Mobile security is also about making sure your data is protected.

It doesn’t matter whether the economic climate is good or bad, there is always a market for fraud. The marketplace for carding is growing and will continue to grow. And as the engineers behind these types of attacks get smarter and smarter, we can only expect to see them more and more often.