How secure is your smartphone?

As mobile security experts pointed out to me this week, the more you can do with your mobile phone, the more susceptible it is to hackers. From a mischievous teenager all the way to Mafia-style organized crime, as phones grow more sophisticated so do the attacks. The average consumer considers their personal security when most new services are introduced, but — on mobile — safety is largely assumed. Is that assumption safe?

Security vendor F-Secure this week identified a new worm in iPhones and new spying software for Android. The iPhone worm only affected unlocked iPhones in Australia and the Android spying software hasn’t been put to use yet, but the news was a wake-up call for a lot of mobile users. The majority of the most useful mobile applications draw on subscriber knowledge such as location or, even worse, credit card information for mobile banking. Furthermore, any phone with a data plan stores all of a user’s personal and, often, corporate e-mails. If a hacker is given access to this information, there is no shortage of damage that could be done.

The lesson for consumers is, first and foremost, don’t jailbreak your mobile phone. Radware security researcher Itzik Kotler says this is how the most damage can be done. Security layers are implemented at the network operator level and the handset level. When a consumer breaks the phone away from the network, he or she is taking away the first line of defense. Secondly, because mobile phones are more or less synonymous with PCs today, users should treat their smartphone data as such — backing it up, scanning e-mails for verified senders and only browsing safe sites. Users need to also be extra careful when using Bluetooth or unsecured Wi-Fi connections — perhaps avoiding that creepy guy in the coffee shop who’s more than willing to share his network.

These are things that consumers can do, but when it comes down to it, consumers shouldn’t have to think about the security of their mobile phones. It is something the network operator and handset manufacturer need to nip in the bud from the onset. The experts I spoke with from Radware, F-Secure and Georgia Tech agreed that even if mobile security isn’t a big problem today, it could very well be in the future.

“It is a problem of increasing importance,” said Jonathon Giffin, assistant professor with the School of Computer Science at Georgia Tech. “The number of handheld devices being used today is now significantly exceeding the number of desktops in the world. You look at countries with emerging technological bases or building out new infrastructure — second-world countries for example. Oftentimes they will build out a cellular infrastructure first rather than a generic computing infrastructure. What this means is handheld devices will become increasingly attractive to attackers. We need to start anticipating these attacks and start planning for the solution.”