Smart-Phone Insecurity

Smart phones have risks–but so do regular cell phones.

Simson Garfinkel ’87, PhD ’05archive page

March 26, 2007

Last week Jon Espenschied wrote an article in Computerworld describing 10 significant security risks with today’s smart phones. The article, while more than a bit geeky, makes an important point: today’s smart phones are general-purpose computers and, as such, they are vulnerable to all the same security problems as other general-purpose computers. Specifically:

They may not be running the code that you think they’re running (and that includes viruses, Trojan horses, and the like);

Many of the communications on and off the phone are not properly encrypted, if they are encrypted at all;

If you delete a file on the phone, it can probably be recovered;

It’s easy for a motivated hacker to spy on your phone.

Espenschied’s article makes good, alarming reading, but if anything, it underplays the risks of mobiles. That’s because his article stresses the security problems unique to smart phones but ignores the risks to phones in general.

Back in 2003 I wrote a brief tidbit, “Understanding Cellular Telephone Security and Privacy,” for a human-rights group that I was doing some work with. Instead of stressing the risks specific to smart phones, this document stresses the risks posed to any cell phone.