Spying programs for mobile phones are likely to grow in sophistication according to a leading mobile analyst.
Many of the spy programs on the market are powerful, but aren't very sophisticated code, said Jarno Niemela, a senior anti-virus researchers for Finnish security vendor F-Secure, speaking at the Black Hat security conference in Las Vegas.
But there is increasing evidence that money from selling the tools will create a stronger incentive for more accomplished programmers to get into the game, which could make the programs harder to detect, Niemela said.
Niemela said his prediction follows what has happened with the malware writers in the PC market. Many hackers are now in the business of selling easy-to-use tools to less technical hackers rather than hacking into PCs themselves.
One of the latest tools on the market is Mobile SpySuite, which Niemela believes is the first spy tool generator for mobiles. It sells for US$12,500 (£6,220) and would let a hacker custom-build a spy tool aimed at several models of Nokia phones, Niemela said.
The number of mobile spyware programs pales in comparison to the number of such programs available for PCs. However, mobile spying programs are harder to track, since security companies such as F-Secure don't see as many samples circulating on the Internet as they do of malicious software for PCs.
Anecdotal evidence has emerged that enterprises may be increasingly encountering mobile spyware on their fleets of phones. The clues have come from companies that are relatively cagey when talking about what they have seen.
"There have been certain cases of corporate customers asking very detailed questions about spy tools and not mentioning why they need the information," Niemela said.
Some of the more well-known spy programs are Neo-cal land FlexiSpy. Neo-call is capable of secretely forwarding SMS text messages to another phone, transmitting a list of phone numbers called, and logging keystrokes. FlexiSpy has a neat, web-based interface that shows details of call times, numbers and SMSes, and it can even use a phone's GPS receiver to pinpoint the victim's location.
Hackers usually need to have access to the phone itself to install the software. And OS manufacturers such as Symbian have enabled security features such as application signing, which is intended to prevent rogue programs from being installed on a phone.