"In our proof-of-concept work, we showed how a rootkit could turn on a phone's microphone without the owner knowing it happened," says Schwartau. "An attacker can send an invisible text message to the infected phone telling it to place a call and turn on the microphone." That would be an effective tactic if, for example, the phone's owner was in a meeting and the attacker wanted to eavesdrop, he notes.
Schwartau says there are ways to filter SMS activity, but that's usually done through the wireless carrier, since SMS isn't IP-based and therefore isn't usually controlled by company admins. The best option for blocking such attacks is to work with carriers to make sure that they're using malware-blocking software, SMS filters and redirects for those kinds of attacks.
And again, creating smartphone usage policies that encourage or require the use of only company-sanctioned or company-provided phones and service plans can reduce that risk.
Of course, companies can't thwart every possible security attack with current technology, and hackers are constantly switching tactics. You should try to plug these six security leaks and work to ensure that they stay plugged -- but you should also keep an eye out for new forms of malicious activity.
John Brandon is a veteran of the computing industry, having worked as an IT manager for 10 years and as a tech journalist for another 10. He has written more than 2,500 feature articles and is a regular contributor to Computerworld.