The one caveat for this type of tool, however, is that an attacker needs to have physical access to a phone to install the software. How often do you leave your phone unattended? As it is today, most of the vectors to infect phones involve an attacker having physical access to the phone. However, there are also emerging vectors that involve a user surfing to a malicious site with his or her phone's built-in browser.
Mobile phone security is an area where I expect to see a big boom in the next few months. Antivirus vendors, like F-Secure plc, are working to develop antivirus products for mobile devices. If you suspect that malware has been installed on your phone, I strongly recommend looking into these products.
It may also be time for many organizations to conduct a risk-based assessment of the numerous mobile devices in use within the enterprise. When assessing this type of risk, try to determine where the threat has access to an asset. If you are allowing your organization's users to have proprietary emails and intellectual property on their phones, the risk related to that business activity needs to be addressed in the organization's security policies. One of the concerns I have with the explosion of these popular smartphones in the workforce is that there is often little security-focused oversight of the products used to conduct business.
This was first published in January 2009