Paul Miller, managing director of mobile and wireless for Symantec Corp, is no slouch when it comes to reacting to computer viruses and malware that suddenly appear, multiply and wreak havoc worldwide. But even he was surprised by what became available for download from a Thai Web site this past June: a spy application for mobile phones that could be used to track the movement of individuals, secretly listen to their conversations and even surreptitiously photograph or videotape their activities. And these actions could be undertaken, unknown to the mobile device owner, even when the phone was off.
'This kind of snoopware is a real invasion of privacy because the phone is always with you,' says Miller. 'And if you are infected, you have no idea when it is being activated.' The only way to insure your privacy is to disable the phone by removing the battery.
Financial impact
Such snoopware applications may have uses in tracking children (or errant spouses), but what Miller and other security experts fear is that its real impact will be in the financial sector.
Downloading such an application to a top executive's mobile device could open the door to secretly accessing countless high-level meetings, overhearing hundreds of top-secret conversations and even accessing and photographing tons of proprietary information. And, Miller adds, just think of the legal and financial damage it could inflict on an unwitting business executive who unknowingly became the conduit for the public release of such information.
It's just one example of a trend security company executives see developing in the mobile sector: The growth of more sinister applications and viruses aimed at more sophisticated devices that capitalize on individuals' growing use and comfort with mobile phones and PDAs.
'Your phone is always with you,' Miller notes. 'How often in the course of the day is your mobile phone not in the same room you are‾' So it can easily become a convenient entry point for identity theft, home banking fraud or unauthorized entry into a secure corporate network.
Such concerns keep Miller and other security company executives worried. 'That device on your hip is really a computer, not just a phone,' Miller says. The developing security challenge is to make sure it doesn't become a channel to break into secure corporate enterprises.
That's also a major concern for Todd Thiemann, director of device security for Trend Micro, another global security company. 'The threats we are facing can quickly speed across the world.'
Because operating systems like Symbian and Microsoft Windows Mobile are the most widely used, they've attracted the most attention from hackers and malware developers. He has noticed the growth of malware applications that can be secretly installed on devices to track phone calls and SMS messages. Thiemann says that so far, much of this activity has been limited in scope and impact. 'The threat we see today is more proof-of-concept, rather than impacting thousands of devices,' he says. But that could change as the devices and the hackers both become more sophisticated.
Both Symantec and Trend Micro have introduced updated security and antivirus products designed to protect mobile devices as the latest threats migrate from the PC environment. But to be effective, mobile users have to become aware that they are vulnerable to a growing number of external threats - and that as their phone grows in capability, so does the threat.
Carriers, enterprises and the handset manufacturers themselves are all playing an increasingly aggressive role in protecting mobile devices. But the growing number of threats, the increased functionality the smart devices provide and the extreme portability they empower are factors that work against effective centralized control.
Ultimately, the security exerts warn, the responsibility for protecting mobile devices will rest with the customer. The question is, will the customer recognize this before the first true worldwide mobile virus hits‾