How easily can spyware be placed on a mobile phone?

Yes, spyware can easily be put on a wireless phone. Take a look at FlexiSpy, a piece of commercial software, for example, whose stated purpose is to keep an eye on children or catch cheating spouses. And the uses for such technology will likely not stop there, as we all know.

The one caveat for this type of tool, however, is that an attacker needs to have physical access to a phone to install the software. How often do you leave your phone unattended? As it is today, most of the vectors to infect phones involve an attacker having physical access to the phone. However, there are also emerging vectors that involve a user surfing to a malicious site with his or her phone's built-in browser.

Mobile phone security is an area where I expect to see a big boom in the next few months. Antivirus vendors, like F-Secure plc, are working to develop antivirus products for mobile devices. If you suspect that malware has been installed on your phone, I strongly recommend looking into these products.

It may also be time for many organizations to conduct a risk-based assessment of the numerous mobile devices in use within the enterprise. When assessing this type of risk, try to determine where the threat has access to an asset. If you are allowing your organization's users to have proprietary emails and intellectual property on their phones, the risk related to that business activity needs to be addressed in the organization's security policies. One of the concerns I have with the explosion of these popular smartphones in the workforce is that there is often little security-focused oversight of the products used to conduct business.

More information:

Web browser exploits are nothing new, but few security managers are consciously aware of the threat that Web advertisement exploits represent.

Get the latest news and expert advice on spyware, adware and Trojans.