(CNN) -- When BlackBerry users in the United Arab Emirates received a text message from their service provider on July 8 instructing them to install an upgrade on their handsets, they had no idea the application also contained software that, according to BlackBerry's maker, would enable third parties to peek at private information on their phones.
Cell phone surveillance software can take control of your smart phone.
Etisalat, the Abu Dhabi-based mobile carrier that deployed the update, has reportedly denied the software was spyware. In a statement issued last month, Etisalat said the upgrade was necessary for "service enhancements'.
But Canadian BlackBerry maker Research in Motion Ltd. said in a statement that "independent sources have concluded that it is possible that the installed software could enable unauthorized access to private or confidential information stored on the user's smartphone."
Etisalat did not respond to CNN's request for an interview.
The UAE incident unleashed a wave of outrage among BlackBerry users in the country as well as brought to light what experts say is growing concern that as mobile phones become more sophisticated, they are also becoming increasingly vulnerable to technological espionage.
"When no one was paying attention, their phones turned into a computer," cyber security expert Charlie Miller told CNN. "These phones have bugs in them and bad guys can take advantage of them and you have to be aware there is a risk here."
At the Black Hat information security conference held last month in Las Vegas, Miller and fellow computer security researcher Collin Mulliner shocked audiences when they revealed how a series of simple text messages can allow someone to hijack Apple's iPhone as well as several other smartphone models with neither the handset's owner or network provider ever knowing.
The virus allows outsiders to send text messages, access web sites, make phone calls as well as turn on a device's camera and microphone, he explained.
"Anything you could do with your phone I could do," said Miller. "And you could be staring at your phone the whole time and nothing happens. It is pretty dangerous."
Within 24 hours of the demonstration, Apple issued a patch to fix the vulnerability. The company also issued a statement noting, "contrary to what's been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit."
Miller warns that as smartphones and applications to run on them flood the marketplace, new and creative ways to hack into them could soon emerge.
"Who is going to find the next one?" asked Miller. "And are they going to report it? That is the question."
In July a mobile phone worm called "Sexy Space" compromised mobile phones using Symbian software, reportedly enabling hackers to steal phone and network information from devices by luring in victims through a web site that promised pornography.
Security experts have labeled the technology behind the breach as the first step towards a botnet, or group of infected machines, for mobile devices. Almost one out of every 63 smartphones running on Symbian are infected with some form of malware, according to a study from SMobile Systems, a mobile phone security solutions provider.
James Johns, founder of Arizona-based Retina-X Studios, says business has already been on the increase for the cell phone monitoring software his company makes.
The software, which can be purchased and downloaded to a handset directly from the Internet, allows individuals to remotely monitor the text messages, calls and location of the person using the device on which it has been installed.
"It is becoming very popular," Johns told CNN. "The main reason is that most people have smartphones that can be monitored unlike a regular cell phone, which can't really run programs."
Legitimate software open to abuse
While Johns says most of his customers are either parents who want to know more about their children's cell phone activities or spouses hoping to catch a cheating husband or wife, there is always a risk that it could be used for malicious purposes.
"It is up to the user of the software to make sure they follow all laws," said Johns.
"Any technology can be abused. We don't make our software for those intentions, and if we find out that someone is abusing our software, we will work with the police as we have in the past."
Yet despite the growing demand for consumer mobile phone surveillance technology and high profile examples of mobile security breaches via spyware installed by remote sources, other analysts say the there is no need to panic just yet.
"Mobile security threats are real, but they are rare," Jan Volkze, head of global marketing for McAfee Mobile Security, told CNN.
According to Volkze, the risk of handset hacking still remains relatively low mainly because when it comes to cracking mobile phones, the return on investment is simply not worth it.
"This is a huge barrier," said Volkze. "On the PC side it is very easy to extort money from people. It is a multi-billion dollar business. Hackers will only move to the mobile side if they can get more out of it compared to what they have done before."
However as more people start to store more information from their lives on mobile devices, more measures need to be taken to make sure the data is kept secure.
"People should apply the same level of paranoia on their cell phone that they would on their personal computer," said Volkze. "
If there is a text message arriving from an anonymous number saying you just won two weeks free holidays in the Bahamas, you should react to this in the same what you would react to this if you got it in an email. Delete it."
|Most Viewed||Most Emailed|