A Trojan called RexSpy has been created by Wilfried Hafner, CEO of SecurStar GmbH to demonstrate that cell phone conversations as well as SMS messages can be eavesdropped and recorded.

RexSpy uses an undetectable SMS message that is completely invisible to the operating system. The SMS sender can spy on cell phone users at anytime as long as the cell phone is in use. With this Trojan, all SMS message and all conversations can be listened to and the surrounding areas can be monitored via this infected mobile device. In addition, the RexSpy Trojan can access and forward complete address books.

But is this a threat that we should be worried about today?

Perhaps not, answered James Quin, senior research analyst with Info-Tech Research Group.

"Viruses and malware for smart phones, PDAs and regular cell phones are accelerating into the likelihood that we are going see these vulnerabilities occurring in the wild [but] not today," he said.

Quin believed that the biggest potential threat of RexSpy is to corporations' intellectual property.

"If intellectual property is being discussed over [a cell phone] and having a Trojan [on there] that captures and relays that conversation is going to be problematic," he said.

Quin added that data classification and privacy extends beyond the documents and information stored on a computer or server but also to information that is discussed.

The analyst was also a little skeptical about the development of the Trojan by security company SecurStar.

"It's a chicken and an egg thing," Quin said. "Did they develop a solution and try and make a problem to give their solution some validity [or the other way around]?"

The SecurStar solution to combat the RexSpy Trojan is PhoneCrypt, an anti- Trojan tool to protect against any electronic eavesdropping through encryption. This software solution was developed for secure verbal communication for cell phones using Microsoft Windows. A Symbian-based version for pocket PCs and smart phones are in development from SecurStar.

Quin said there is an increasing market for solutions from the likes of SecurStar but doesn't think there is a need to protect against eavesdropping threats with such tools.

"An educated consumer can apply sensible policies to make wise decisions about use of their communication methods and phones rather than buy a tool," he added.

Quin said that it is difficult to say when a Trojan like RexSpy will start moving into the realm of reality as it could be anywhere from a couple of month to tomorrow but doesn't think the Trojan will ever become a serious problem.

"[Users need to] think about what they talk about and careful where it is discussed. If you are already taking those steps and measures then [Trojans like RexSpy] are not going to be a problem," Quin said.

The analyst added it is important for users to establish a policy so that users don't discuss critical information on an un-secure line like a cell phone.

"That is a wiser course of action for businesses rather than installing a piece of software on [a cell phone]. A technology solution is a band-aid on poor process," Quin said.

Reprinted by permission of Integrated mar.com (integratedmar.com), EchannelLine © Copyright 2006 Integratedmar.com Corporation.