Caller Beware: Smartphones Present Tons of New Security Threats

That new iPhone or Google-powered phone in your pocket could be more valuable to thieves than your wallet.

For years, phone makers have said smartphones aren’t as vulnerable to viruses as PCs. But today it looks as though smartphones are more vulnerable to attacks -- and present unique new dangers in terms of identity theft, spying and fraud.

Passwords can be easily decoded and malicious software can silently pilfer personal information and rack up expensive charges. And good luck preventing it.

"It's reminiscent of the '80s, when viruses and malicious programs were infecting PCs," Ryan Naraine, security evangelist for the security firm Kaspersky Lab, told The difference now, he said, is that smartphones present an even greater danger because they often contain banking information and even give online crooks your exact location via GPS and wireless connections.

“Smartphones are becoming increasingly sophisticated," said Mark Kanok, a product manager at Symantec. "And with that, an increasing amount of personal data is being stored on these devices.”

Unfortunately, most cell phone users don't bother with even basic protection. In a study by U.K.-based, researchers found that 67 percent of smartphone owners don't use a password to protect their phones. That's a big no-no. Leave your phone on a desk -- or worse, lose it -- and you're opening yourself up to identity theft and potentially giving strangers access to your money, e-mail, and social networking profiles.

Even more startling, using a password may not protect you, especially on popular touch-screen phones. Look carefully at the screen, and you'll see why in the smudges: Touch screens can reveal your password via the oily patterns left by your fingers.

Researchers at the University of Pennsylvania said this month that by taking a picture of the touch screen on a Google-powered phone, they could decipher the owner's password 68 percent of the time. The authors warned that similar "smudge attacks" could be used against other handsets, such as Apple's iPhone, and other touch screens, such as those on ATMs and debit card readers in stores.

Once rare, malicious programs that steal information and rack up charges to owners are becoming more common. Researchers at Kaspersky Lab recently found a so-called Trojan program infecting Android-based smartphones.

"It runs silently in the background, sending text messages to premium numbers," said Naraine. Those messages could cost, say, $5 each, with hundreds sent to a number in Russia before the unsuspecting smartphone owner received his bill and discovered the fraud. By then, the criminals have closed up shop and moved on.

Other viruses have shown up in the past few months embedded in games and wallpaper apps. In fact, it is so easy to create malicious apps that the BBC decided to spread such a program on its own just to prove the point.

According to the news outlet, within a couple of weeks it was able to create and spread a simple game that contained a virus. The app pulled out the contact listings, text messages, and location information from a phone remotely and sent it to a special e-mail address -- all without the owner being any the wiser.

So far, iPhones and Blackberry phones have experienced fewer attacks directed at them. "The Android platform is more open, which is good," said Naraine, "but because of that you'll probably start to see a lot more malicious things happen on the Android phones."

How can you tell if you're infected? One clue, experts say, is a sudden drain on your phone's battery, which might indicate that data is being remotely pulled from the phone. And, of course, smartphone owners should always check their bills to make sure spurious charges aren't being added.

You can also take a few specific steps to reduce the threat:

-- "Never download an unknown or untrusted app from a Web site," said Naraine. Only download applications from the official marketplace, store, or cell carrier associated with the phone.

-- If you're using an Android phone, check to see if there's an upgrade to the latest operating system. The newest version will allow owners to use an alphanumeric password rather than a simple swipe password. This should make those smudge attacks more difficult.

-- Don't tap on a link in a message unless you are sure of its source.

-- Consider using a remote locking or wiping service, programs intended to stop thieves from using a lost or stolen phone against you.

Should you discover your phone is no longer in your possession, a wiping program will let you either lock or completely erase data on your phone remotely. For iPhone owners, MobileMe ($99 a year) includes such a remote-erase service. A free trial version of a wiping and security program, Norton Smartphone Security, is available from Symantec for Android owners. Blackberry users can also test a program called Blackberry Protect for free.

Having to take these extra steps to protect yourself -- and your phone -- may be inconvenient. But remember this: The smarter the phone in your pocket becomes, the greater the risk it presents should it become infected or go missing.