Right now handheld devices have such limited capabilities. Your worst fear is an attack to the device itself, but as you migrate to more intelligent devices you have to start thinking about your employees, roaming around with little weapons connected to your network. You have to be concerned about whether an attack can take the device out and will it have the ability to take out large segments of your network. Portable devices are the bad guys' best friend.
The question is what happens if the communication world converges onto an IT backbone where the phone isn't connecting through a cellular gateway into the infrastructure, but is connecting right on the network as a full IP device.
Can mobile phones be used to tunnel into a corporate network?
I think that is a very valid point as corporations look to mobile devices as a way of mobilizing backend applications. The threat, particularly for the enterprise space, is that these tools may expose sensitive corporate data.
As mobile phones and other, similar devices gain additional computing capabilities -- sending e-mail and photos, and browsing the Internet -- do they pose an increased threat to network security?
Although malicious code hasn't caused widespread damage in the mobile area yet, there have been a number of incidents that have demonstrated the potential disrupts they could cause. There was a virus that spammed thousands of mobile
While the power is increasing, it still isn't there. Certainly malicious programs can use a phone to spread. And there are certainly Trojans that can be implanted on a phone, but I think the really interesting stuff is going to come when the .NET platform becomes pervasively used on handheld devices.