How easily can spyware be placed on a mobile phone?

John Strand reveals just how easy it is for malware and spyware to be placed on your mobile devices.

Black Hills Information Security

I suspect that someone has put spyware on my phone. I may be paranoid, but can spyware be easily placed on a mobile device? Are there any sure-fire ways to know if my phone has been infected?

Yes, spyware can easily be put on a wireless phone. Take a look at FlexiSpy, a piece of commercial software, for example, whose stated purpose is to keep an eye on children or catch cheating spouses. And the uses for such technology will likely not stop there, as we all know.

The one caveat for this type of tool, however, is that an attacker needs to have physical access to a phone to...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

install the software. How often do you leave your phone unattended? As it is today, most of the vectors to infect phones involve an attacker having physical access to the phone. However, there are also emerging vectors that involve a user surfing to a malicious site with his or her phone's built-in browser.

Mobile phone security is an area where I expect to see a big boom in the next few months. Antivirus vendors, like F-Secure plc, are working to develop antivirus products for mobile devices. If you suspect that malware has been installed on your phone, I strongly recommend looking into these products.

It may also be time for many organizations to conduct a risk-based assessment of the numerous mobile devices in use within the enterprise. When assessing this type of risk, try to determine where the threat has access to an asset. If you are allowing your organization's users to have proprietary emails and intellectual property on their phones, the risk related to that business activity needs to be addressed in the organization's security policies. One of the concerns I have with the explosion of these popular smartphones in the workforce is that there is often little security-focused oversight of the products used to conduct business.

More information:

Web browser exploits are nothing new, but few security managers are consciously aware of the threat that Web advertisement exploits represent.

Get the latest news and expert advice on spyware, adware and Trojans.

This was last published in January 2009

Dig Deeper on BYOD and mobile device security best practices

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Related Resources

Dig Deeper on BYOD and mobile device security best practices

Related Q&A from John Strand

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.