A couple of weeks ago I bought my first Android phone. As I was researching cool applications to install, I stumbled upon this blog posting from the security company Panda about smartphones sold by Vodafone in Spain being infected with the Mariposa botnet.While the Vodaphone outbreak was limited is scale it did make me think.

If the primary methods used to spread viruses on a desktop computers include email clients and web browsers, and if these applications are also installed on my smartphone, is it vulnerable to a virus?

In short, yes.

As phones evolve to include even greater functionality the more vulnerable they are becoming to the same threats that plague our desktops and laptops. At a security conference in early March 2010, researchers demonstrated how they could send the malicious version of an application to smartphones via an auto-update feature.

According to McAfee, the most vulnerable smartphone features include:

  • Text messages
  • Contacts
  • Video
  • Phone transcriptions
  • Call history
  • Documentation
  • Buffer overflows

The outbreak might not be contained to the smartphone either.

Most of the current generation of smartphones have mini usb connectors. The connector not only allow the devices to be charged, but also allows them to be plugged into a desktop computer for data syncing. This could allow a virus to be transferred to your desktop or laptop from your smartphone.  (I also plug my smartphone into my car’s usb connector to charge. Could a virus be uploaded into it?)

So, what should smartphone owners do? While many companies have developed anti-virus software for smartphones, I suggest simply using the same safe computing practices one uses with their desktop:

  • Be wary of email attachments, even if they come from friends
  • Obtain applications from trusted sources
  • Keep your sensitive data safe
  • Protect your passwords
  • Be careful using open wifi networks

Eric Schnell