Cheaters beware. In late October, Indonesian developer Sheran Gunasekera released mobile-phone software that can help someone eavesdrop on your conversations. A distrusting partner or spouse can secretly download the free application, called PhoneSnoop, onto your BlackBerry, remotely turn on the microphone, and listen to conversations held in proximity to the device.
PhoneSnoop, downloaded more than 2,000 times since its release, is one of a growing number of applications that can be downloaded onto a smartphone without a user's knowledge. FlexiSPY similarly can be downloaded onto Research In Motion's BlackBerry or the Apple iPhone. Smartphones and the growing number of people using them are becoming a bigger target for unauthorized and potentially harmful software, including worms, viruses, and spyware that tracks a user's Web activity. The smartphone security threat "is imminent," says Jeff Wilson, a principal analyst at consultant Infonetics Research.
Smartphones are increasingly prevalent and adept at handling more tasks, including trading stocks, paying bills, and buying stuff online. That makes them all the more attractive to thieves and hackers, says Khoi Nguyen, group product manager for mobile security at antivirus vendor Symantec. The number of smartphones shipped is expected to rise to 330 million units in 2014 from 178.3 million this year, according to ABI Research.
Storm8 games removed by Apple
Hackers can attack phone users through app stores, the Web, and e-mail. In early November, the so-called Rick Astley worm struck certain iPhones and turned their wallpaper to an image of the '80s music icon. A few days later, a related worm, iPhone/Privacy.A, began gaining access to users' e-mail and SMS messages, calendar appointments, contacts, and photos. Hackers could use that information to steal a phone owner's identity or personal data.
Mobile applications, sold or distributed through online app stores, are emerging as an especially attractive avenue for potential security breaches. Apple reviews apps before letting them onto its App Store, yet it's been unable to detect all threats. On Nov. 8, Apple removed free games developed by Storm8 that surreptitiously collected users' phone numbers. Storm8 concedes that the games collected phone numbers but says in a statement it did not use them "for any purpose" or "provide them to any other company." Storm8 says it has removed the offending code. Apple didn't respond to multiple requests for comment.
Smartphones are also vulnerable to the same Web-based and e-mail attacks that have long hammered PCs. One in five smartphone owners has already encountered what's known as a phishing scam, where hackers pose as a bank or some other trusted institution in an attempt to collect personal user information, according to a survey of 1,016 U.S.smartphone users conducted by virus-scan vendor Trend Micro in May.