Skip to main content
Part of complete coverage on

Smartphone security threats likely to rise

By Doug Gross, CNN
Smartphones are attack-resistant, but experts say their growing numbers make them attractive targets.
Smartphones are attack-resistant, but experts say their growing numbers make them attractive targets.
  • As smartphone popularity rises, so will security threats, experts say
  • Users should use same caution on phones they do on laptops or desktops
  • Mass attacks are harder to carry out on phones than on traditional computers
  • Individuals are more likely to be targeted for personal, financial info

(CNN) -- Worms, spam, viruses and hackers -- they're not just for your desktop or laptop anymore. According to internet security experts they could be well on their way into your pocket or purse.

The popularity of smartphones -- like the Blackberry, iPhone, Palm and the emerging Droid -- is on the rise and shows no signs of letting up.

And that's making the phones a sweeter target for online ne'er do-wells looking to, at the very least, cause mischief and, at worst, rip off unsuspecting phone owners.

"It's guaranteed that almost everything we see on a computer will show up on a smartphone -- and some new things," said Jake Widman, a San Francisco-based technology writer and analyst.

Last year, more than 139 million smartphones were sold worldwide, a 13.9 percent increase from 2007, according to the British technology analysis firm Gartner.

With Apple planning to release the iPhone in China, and a more affordable Android handset expected to hit the market by the end of the year, the pool of potential targets is only expected to get deeper.

And compared to even a year ago, when analysts say most people used smartphones mostly for voice calls and e-mail, an increasing number of users are now surfing the Web, paying bills and doing other activities that open them up to abuses.

"When the market increases, there are generally more people going after it because there's a bigger potential for gain," said Andrew Storms, who directs safety efforts at online security company nCircle.

Security companies already have seen several threats hitting smartphones. In most cases, they say, they're targeted at individuals rather than the millions of desktop or laptop users that a typical e-mail attack can impact.

"What we haven't seen is the massive anonymous attacking across all of the smartphone bases," Storms said. "[Traditional] worms and viruses continue to breed and move on from computer to computer -- the attacks we see today on the smartphone market are targeted attacks."

Security analysts say they've already seen all of the major online threats -- Trojan horses, viruses, worms -- spreading on smartphones, often through e-mail attachments sent to the phones.

One attack even used a Bluetooth headset to try to attack other Bluetooth users within 20 feet of the infected unit.

Security problems were most pronounced in the early days of the smartphone -- when a majority of them ran on a single operating system and it was easier for malware to spread from one phone to the next.

One of the problems now, analysts say, is that people who take security precautions on their home computers either forget to do so with their phones or don't think they need to in the first place.

"We've not become accustomed to thinking twice about it," Storms said. "The risk exists. It's going to continue to exist and continue to increase."

A survey by security firm Trend Micro Incorporated suggested that only 23 percent of smartphone users enable security software already loaded onto their phones and 44 percent think surfing the Internet on their phone is as safe or safer than doing so on a desktop computer -- even with no security software.

The good news, experts say, is that phones present problems for hackers and other bad guys that traditional computers don't.

Most viruses and other malware are designed for Windows, because that's the most popular operating system. Since smartphones use a variety of different platforms, someone writing malicious software needs to pick and choose.

And while e-mail databases exist that enable phishers, spammers and others to blast their messages to huge chunks of users at once, it's tougher to get lists of telephone numbers, much less numbers specifically for smartphone users.

"There's a greater barrier to entry for the black hats," Storms said. "It's a little bit more of a difficult platform to attack."

Khoi Nguyen, a group product manager for security provider Symantec, said that in a world of sophisticated online technology, smartphone users are most likely to fall prey to a more basic attack -- old-fashioned theft.

He said phone users are 15 times more likely to lose that device than a laptop. That's a recipe for disaster when their phone isn't protected by a password, he said.

"It's easy for someone to go in and get automatic access to their e-mail, automatic access to their mobile banking accounts," he said. "A lot of thieves are realizing that there's not just value in the phone any more -- there's value in the data."

The makers of the world's most popular smartphones say they're constantly working to keep up with the latest threats.

Scott Totzke, vice-president of Blackberry's security group, said the number and severity of mobile attacks he's seen so far have been minimal -- but that that could easily change.

"When you look at the evolution of malware, it never gets worse -- it always gets more sophisticated and more refined," he said. "As an industry ... we have to really look at where those trends are going and understand that everything we saw in the last 25 years in the PC world is probably going to happen much faster in the mobile world."

Totzke advises all smartphone users to enable a password, quickly download security updates from their phones operator system and carefully consider the source of any applications they download.

The bottom line, according to experts? Treat your smartphone like a computer, not a telephone.

"There's a terrific upside to having a smart phone in your hand, but buyer beware," Storms said. "With that power comes an inherent risk."