By Matt Hines
Friday, April 29 2005 08:22 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,39228108,00.htm

Most people with smart phones are aware of emerging security threats to the devices, but many of them still keep sensitive data on them, according to a new study.

In a survey of 300 American adults published Thursday, security company Symantec found that 73 percent of smart phones users knew about viruses and other attacks that target the devices, which marry PC-like features such as e-mail and Internet access to a mobile handset.

In addition, more than 70 percent of respondents expressed some concern over the possibility of hackers stealing or corrupting confidential information stored on their smart phones.

Over the last year, a number of threats designed specifically to attack smart phones have emerged, including the Cabir virus, which targets handsets running on Symbian operating system software. While the spread of such malicious software has been negligible so far, some security companies have become concerned about the possible rise of Trojan horses and other attacks targeting smart phones.

Overall, the level of awareness in the survey is encouraging, said Matt Ekram, mobile security product manager at Symantec. However, smart phone use is not yet widespread--the high-end gadgets made up only 3.7 percent of the overall cell phone market last year, according to Jupiter Research--so the survey reflects the attitudes of early adopters, who tend to be more savvy than average consumers, he said. As more people buy the gadgets, less-informed users will likely lead to more problems, he said.

"As smart phones replace lower-end devices, this will drive the take-up of applications and usage, and carriers will continue to push new services that send all kinds of content to the phone," Ekram said. "That will open up a lot of opportunity for hackers and virus writers to do something malicious, and we still need to educate the public more effectively as to what they should do to protect their devices."

Despite the risk, the research shows that early adopters haven't been shy about accessing confidential information using the devices. Just over 55 percent of those surveyed stored sensitive personal information on their smart phones. About 37 percent maintained confidential business data on their handsets, and about 28 percent kept clients' details in their devices.

Survey respondents also indicated that they are not afraid to use smart phone applications, even though it is widely known that many computer attacks target e-mail, instant messaging and file-sharing programs. Some 64 percent reported that they send and read e-mail on their phones, while more than 56 percent use IM, and 46 percent access the Internet.

About 32 percent said they use the Bluetooth wireless networking capabilities built into their smart phones. Cabir, the most widely reported smart phone virus, is able to spread itself via Bluetooth technology.

People's willingness to store sensitive data on their devices could influence future mobile threats, Ekram said. Since 41 percent of respondents told Symantec that they already engage in online banking via their smart phones, Ekram expects to see attacks created that try to cash in on that activity.

"The kinds of applications that are most popularly used will help dictate how much security you need on the smart phone," Ekram said. "We were surprised by the sheer number of people already doing transactions, disclosing confidential information or using online banking, and you can guess that is where the future attacks will be aimed."

In the study, nearly 57 percent of those surveyed said they felt that personal computers were more secure from outside attacks than smart phones. But in light of the fact that Cabir and other mobile viruses have yet to attack large numbers of people, Ekram said the idea that PCs are safer may be flawed.

"We do see more smart phone threats coming in the future, but for now, your PC is probably under much greater risk of attack," he said.