More small companies are allowing employees to use their personal smart phones for work. But that move could lead to big trouble, thanks to a new breed of hackers who are starting to target mobile phones.
Hackers can use spyware to keep an eye on what you type and what messages you receive, possibly gleaning company secrets. They can even track your device's location, potentially allowing them to figure out your clients or plans by looking at where you go.
For big companies with watchful IT staffs, these threats are much easier to handle. But small businesses often lack the resources to put up firewalls or pay for expensive security software for individual phones. In many cases, they are simply unaware of the threats.
Now security companies are moving beyond large corporate clients and addressing the needs of small and medium-size businesses. A number of providers are gearing up inexpensive mobile software that encrypts e-mail traffic, or monitors phones for suspicious activity. Others, meanwhile, are trying to work the security into the phone before the customer even buys it.
To be sure, the threats for the near term are minimal. There have been only a handful of reported mobile attacks, experts say, and most of them are more of an annoyance – such as a program that grabs contacts from a cell phone and forwards spam text messages. Attacks involving fraud or theft of company secrets are still few and far between.
“I'd say for the most part, it's at a nuisance level,” says Chris Hoff, chief security architect for security-software provider Unisys Corp. “But it will definitely escalate.”
Security experts say that public awareness of mobile viruses is in a state similar to the PC market before Internet viruses began attacking the public.
Mobile spyware, according to experts, is readily available. Many point to FlexiSPY, a program sold by Thai software firm Vervata Co.
The company promotes the product as a way for husbands and wives to catch their cheating spouses. Once installed on a person's phone, FlexiSPY tracks the device's whereabouts and monitors incoming and outgoing calls, text messages and e-mail. The information is then uploaded to a central server and can be viewed by the person who originally installed the software.
Nobody is accusing Vervata of stealing information, but some security experts argue that the software is ripe for abuse. It can be used by anyone to steal personal information and company secrets, they argue. A business might install the software on a rival's phone, for instance, to steal a contact list or monitor e-mail traffic.
Atir Raihan, managing director of Vervata, admits that the software has the potential for abuse, but “we do try to meet our obligations as a responsible and legitimate company by making it crystal clear that the user must check the laws of the land to ensure that the use to which FlexiSPY is being put is lawful.”
BlackBerrys may also be vulnerable to attack. In 2006, a security expert developed a program called BB Proxy to highlight the risks the gadgets face from spyware. The program can be delivered wirelessly or installed when a user downloads an unprotected program.
Once inside, it can access a company's internal network and snoop on private information.
Even Apple Inc.'s iPhone, with its lauded security upgrades, may be vulnerable, says Dan Hoffman, chief technology officer of security-software maker SMobile Systems Inc. While the iPhone offers password protection, hackers can easily break through it, and the iPhone lacks other capabilities such as data encryption, Hoffman says.