This article was written by Elinor Mills of CNET News.com.
Smartphones aren't just smart, they're personal computers. Unlike a desktop or even a laptop PC, those devices and other mobile phones can easily slip out of a pocket or purse, be left in a taxi, or get snatched off a table. They let you store photos, access e-mails, receive text messages, and put you one browser click away from potentially malicious Web sites.
In effect, gadgets like the Apple iPhone and those running Google's Android software can be as risky to use as PCs, except that the wide variety of mobile platforms has deprived malicious hackers of one dominant software element to target, such as they have with Microsoft's Windows operating system on desktops and laptops.
Here is a look at the different types of threats that affect smartphone users and what people can do to protect themselves.
What's the biggest security threat to my mobile phone?
Losing it. "You are way more likely to leave it in the back of a taxi than to have someone break into it," Charlie Miller, a principal analyst at consultancy Independent Security Evaluators, said in a recent interview. The best way to protect data in the event of losing a device is to not store sensitive information on it, he said.
If you must store sensitive information on it, use a password on the phone and encrypt the data. Devices can be configured so that they ask for a password every time e-mail or a VPN is accessed. Use a strong enough password that a stranger can't guess it. And back up your data frequently.
There are also ways to lock the phone remotely or wipe the data if it is stolen. AT&T spokesman Mark Siegel said users who lose their phone should call the company immediately and "with just a keystroke, we can prevent anyone else from using the phone--and from running up charges."
A number of companies offer software and services to protect mobile phones. One of them is a start-up called Lookout that offers a
Mobile device users should also be careful about leaving the phone unattended, or loaning it to people. Spyware can be installed without you knowing it. For instance, the PhoneSnoop program can be used with BlackBerry devices to remotely turn the microphone on to eavesdrop on nearby conversations.
Can mobile phones get viruses?
Yes. Mobile viruses, worms and Trojans have been around
In November, several worms hit the iPhone, but only devices that had been jailbroken so they can run apps other than those approved by Apple.
Miller says: "Don't jailbreak your phone. It breaks all the security, basically." If you simply must jailbreak it, you should change the default root password and not install SSH (Secure Shell network protocol).
What are other types of attacks?
Just like with computer users, smartphone users are vulnerable to e-mail and Web-based attacks like phishing and other social-engineering efforts. All attackers have to do is create a malicious Web page and lure someone to visit the site where malware can then be downloaded onto the mobile device. People should avoid clicking on links in e-mails and text messages on their mobile device.
SMS offers another avenue for attack. Last year, researchers demonstrated several ways of attacking phone using SMS messages.
Is it safe to use Wi-Fi and Bluetooth?
Yes and no. If you are doing something sensitive on your phone, like checking a bank account or making a payment, don't use the free Wi-Fi at a coffee shop or other access point. Use your password-protected Wi-Fi at home or the cellular network to avoid what is called as a man-in-the-middle attack in which traffic is intercepted. Pairing a mobile phone with another Bluetooth-enabled device,
Which is safer: the iPhone or Android?
Apple vets all the apps that are used on the iPhone, and that tight regulation of the Apps store has kept users safe from malicious apps so far. Nothing is foolproof, however. Once apps are approved they can do any number of things. For instance, Apple removed free games in November developed by Storm8 that were found to be collecting users' phone numbers.
From an architecture standpoint, Android offers more granular access control. But the open-source nature of the Android platform means apps aren't as controlled as they are on the iPhone and holes can be introduced by any number of parties. For instance, Miller
Are standard mobile phones safe?
Obviously regular mobile phones don't pose the Web-based threats that smartphones do. But they are still used to store sensitive information that can be accessed by gaining access to the device. For instance, the inbox and outbox for text messages can contain information that can be used for identity fraud, said Mark Beccue, a senior analyst for consumer mobility at ABI Research. "Regardless of what type of cell phone, the most dangerous current threat is through a cellphone's in/out message boxes," he said. "Clear (them) out regularly. Do not transmit full account numbers, PIN or passwords within a text message unless you immediately delete the out box message."
Standard phones that support Java can be susceptible to certain threats that smartphones are. For instance, scammers in Russia and Indonesia are hiding a Trojan in pirated software that surreptitiously sends SMS messages to premium rate numbers - costing as much as $5 each, thus racking up huge bills, said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab.
And what about spam?
That's a growing problem on mobile devices. For information on what to do when you get mobile spam read "
By Elinor Mills