Paul Miller, managing director of mobile and wireless for Symantec Corp, is no slouch when it comes to reacting to computer viruses and malware that suddenly appear, multiply and wreak havoc worldwide. But even he was surprised by what became available for download from a Thai Web site this past June: a spy application for mobile phones that could be used to track the movement of individuals, secretly listen to their conversations and even surreptitiously photograph or videotape their activities. And these actions could be undertaken, unknown to the mobile device owner, even when the phone was off.
Such snoopware applications may have uses in tracking children (or errant spouses), but what Miller and other security experts fear is that its real impact will be in the financial sector. Downloading such an application to a top executive's mobile device could open the door to secretly accessing high-level meetings, overhearing top-secret conversations and even accessing and photographing proprietary information.
This is just one example of a trend security company executives see developing in the mobile sector: the growth of more sinister applications and viruses aimed at more sophisticated devices that capitalize on individuals' growing use and comfort with mobile phones and PDAs.
Such concerns keep Miller and other security company executives worried. The developing security challenge is to make sure it doesn't become a channel to break into secure corporate enterprises.
That's also a major concern for Todd Thiemann, director of device security for Trend Micro, another global security company.
Because operating systems like Symbian and Microsoft Windows Mobile are the most widely used, they've attracted the most attention from hackers and malware developers. Thiemann has noticed the growth of malware applications that can be secretly installed on devices to track phone calls and SMS messages. He says that so far, much of this activity has been limited in scope and impact. 'The threat we see today is more proof-of-concept rather than impacting thousands of devices,' he says. But that could change as the devices and the hackers both become more sophisticated.
Both Symantec and Trend Micro have introduced updated security and antivirus products designed to protect mobile devices as the latest threats migrate from the PC environment. But to be effective mobile users have to become aware that they are vulnerable to a growing number of external threats - and that as their phone grows in capability, so does the threat.
Carriers, enterprises and the handset manufacturers themselves are all playing an increasingly aggressive role in protecting mobile devices. But the growing number of them, the increased functionality the smart devices provide and the extreme portability they empower are factors that work against effective centralized control.
Ultimately, the security exerts warn, the responsibility for protecting mobile devices will rest with the customer. The question is, will the customer recognize this before the first truly worldwide mobile virus hits‾