Securing consumer-friendly smart phones

Smart-phone security has been a staple for business users, but now consumers are getting the devices--and their security needs are growing.

This holiday season, new phones that look and act more like mini-computers rather than cell phones will likely end up under Christmas trees and in stockings.

But so far, security products designed for individual mobile users--software and systems that keep data secure and devices free from viruses--aren't widely available.

Manufacturers, such as Palm and Research In Motion, have seen great success in addressing the business market with handheld devices like the Treo and BlackBerry. Now they're going after everyday users with affordably priced handsets that allow people to not only check their work and personal e-mail accounts, but also listen to music, send instant messages, take pictures and surf the Web.

Last week, at the DigitalLife technology showcase in New York City, Palm launched the Treo 680, a smaller, simpler Treo designed for the consumer market. Also last week, High Tech Computer introduced its new Wi-Fi enabled phone, the Dash, on T-Mobile's network. Research In Motion released its consumer-focused phone, the , this summer. And Motorola started selling its in the spring.

Most of these phones are priced under $200 when purchased along with a service contract, making them much more affordable than the $500 Treos of a few years ago. As a result, they're much more likely to appeal to everyday users and to a segment of the population known as "prosumers"--consumers who buy gadgets and use them for both personal and business purposes.

Smart-phone protection strategies

What can consumers do to protect themselves today from mobile threats? The U.S. Computer Emergency Readiness Team, which coordinates defense against and responses to cyberattacks across the nation, has listed several tips for smart-phone users to better protect themselves from attacks:

Follow general guidelines for protecting portable devices. Take precautions to secure your cell phone and PDA the same way you should secure your computer.

Be careful about posting your cell phone number and e-mail address. Attackers often use software that browses Web sites for e-mail addresses, which then become targets for attacks and spam.

Do not follow links sent in e-mail or text messages. Be suspicious of URLs sent in unsolicited e-mail or text messages. While the links may appear to be legitimate, they may actually direct you to a malicious Web site.

Be wary of downloadable software. There are many sites that offer games and other software you can download onto your cell phone or PDA. This software could include malicious code. Avoid downloading files from sites that you do not trust.

Evaluate your security settings. Make sure that you take advantage of the security features offered on your device. Attackers may take advantage of Bluetooth connections to access or download information on your device. To avoid unauthorized access, disable Bluetooth when you are not using it.

Overall, analysts believe the new crop of users could boost the total number of people using smart phones. Currently, only about 5 percent of the 220 million cell phone subscribers in the U.S. own smart phones or voice-enabled PDAs. In the next few years, 10 percent of all cell phone users are likely to use a smart phone, according to JupiterResearch studies.

But like the security issues that emerged during the PC and Internet revolutions of decades past, security concerns pegged to the growing popularity of these new connected devices will likely bubble to the surface.

"As prices come down on these phones, we're going to see a lot more people using them," said Iain Gillott, an analyst at iGillott Research. "And just like in the PC market, when there is mass adoption in the consumer market, we're likely to see more security threats."

Malicious software and viruses targeting cell phones exist today, but the risk of users becoming infected is still relatively small, experts say. For one, traditional cell phones are difficult to hack. Many handsets use proprietary operating systems, and they operate over a carrier-controlled network, providing little opportunity for hacking or infecting.

But that's changing. Smart phones are now supporting unlicensed wireless technologies that can be hacked. Most have Bluetooth, a short-range unlicensed wireless technology used to connect devices to accessories like headsets or speakers. And in the future, many will also support Wi-Fi, which connects users to the Internet over unlicensed radio frequencies.

Several Bluetooth viruses have already been identified. Experts say it wouldn't take much for attackers to rewrite Web-based viruses to work on cell phones accessed through Wi-Fi connections.

Featured Video