Tue, June 24, 2008 — Network World — All evidence points to the fact that smartphone viruses will be a threat to your network even though they aren't at this moment. After all, the latest mobile devices are packed with more and more applications and corporate data, are enabled for real Web browsing and online collaboration, and can access corporate servers. What's more, they live outside your firewall and often make use of three wireless networks (Bluetooth, Wi-Fi and cellular).

"It's definitely something I worry about a lot," says Sam Lamonica, CIO of Rulph and Sletten, a Redwood City, Calif., general contractor. "With the proliferation of smartphones throughout our business, it poses a great risk if and when hackers get good at pumping malware through those devices."

A 2007 survey of 450 IT managers found Lamonica is not alone. Eighty percent had antivirus products installed. Yet about 40 percent had been hit by a worm or virus in the past 12 months Of those that were hit, 30 percent said that being unable to reach mobile users who were disconnected from the network contributed to the intrusion or failure that allowed a virus onto their network.

"The phone has advanced exponentially, while users have not caught up and realized that they are walking around with a computer," says Mark Olson, Manager, Beth Israel Deaconess Medical Center in Boston.

That's shown by the success of Apple's iPhone. Its users are among the first to do intensive and extensive mobile Web browsing, enabled by the performance of the phone's Safari browser. But Web browsing also enables a range of malware for smartphones in general. "If you go to Twitter [on the Web], you have to rely on Twitter security," says Tom Henderson, a Network World Clear Choice tester, and managing director for ExtremeLabs in Indianapolis. "You can get cross-site exploits that can dive down into the phone's browser. Then, it's a problem."

"Anything that is network connected and can be altered is a potential threat,' says Rob Enderle, principal analyst for Enderle Group, a technology advisory firm in San Jose. The growing "socialableness" of smartphones, via everything from e-mailing to instant messaging and even texting, all provide opportunities for tricking users into downloading malware, he says.

To date, major malware outbreaks on smartphones, on the scale of PC infections of past years, are almost unheard of. Early mobile phone viruses, such as Cabir, Skulls and Fontal, targeted a specific operating system, usually Symbian, and required users to accept a download and then actually install files. Infections were limited to a few score of devices typically.