People have been talking about smartphone security for a while now, and most agree the problems will get worse--quickly. 

A good indication of this is the recently discovered variant of the Zeus trojan for mobile phones. A version that targeted Symbian and BlackBerry phones was discovered in September. An even newer version that targets Windows Mobile phones has just been found by researchers, notes Network World. 

The Trojan works essentially like it would on a computer. End users can be exposed by simply visiting an infected Website, which will somehow prompt them to enter their cell phone number and smartphone model for a "certificate update." The goal is to steal the "mTANs" or mobile transaction authentication numbers, which banks use for mobile banking. If they can steal this information and get someone to click on a link, the bad guys can access accounts and drain funds. 

We've been warning companies, especially banks, that they need to be proactive about these schemes via the Internet and airwaves, which will get more sophisticated. We've suggested greater security could be a differentiator from a marketing perspective. They could take their marketing to new levels if they start touting mobile security features, even before the big wave hits. 

Most agree that a big wave is building. Smartphones are now outselling PCs and criminals are hip to this trend. Mobile security firm Lookout has found that malware and spyware appeared on 9 percent of the phones it scanned in May 2010. That's up from 4 percent in the previous December. The attacks so far have occurred beyond the U.S. borders, mainly in China and Eastern Europe. But most assume that will change. 

Apps remain a huge concern. Apple tightly monitors all apps in its marketplace. Microsoft also runs safety tests on apps in its marketplace. This approach stands in contrast to Google, which relies on technical features that make it harder for malware to work.

 All in all, financial services and other companies need get out ahead of this trend, figuring out now what steps they need to take from software security, customer education and legal standpoints. The problem is only going to get worse. - Jim