Enisa calls for tighter smartphone security

Spyware, data loss and access to unauthorised premium rate phone calls are among the main risks facing smartphone users, according to the latest research from the European Network and Information Security Agency (Enisa).

The EU-backed agency's report (PDF) also lists improper decommissioning, phishing and network spoofing attacks as major threats. It is pitched at chief information officers and enterprise administrators with responsibility for managing handsets.

"If you are one of the hundreds of millions of smartphone users worldwide, you probably spend more time with your phone than your spouse. With its array of applications and sensors, it may even know more about you," said the report.

Udo Helmbrecht, executive director of Enisa, warned that, without proper controls, smartphones present a number of problems.

"Given the growing importance of smartphones for EU businesses, governments and citizens, we consider it essential to assess their security and privacy implications," he said.

The report provides advice for deploying smartphones in ways that do not risk the loss of corporate data.

"Smartphones are a goldmine of sensitive and personal information, and it is vital to understand how to maintain control over this data. We have designed our recommendations to plug into a typical security policy," said Giles Hogben, co-author of the report.

Among the main advice for firms is enforce an app whitelist to regulate the downloading of applications, use memory encryption, and apply a thorough decommissioning procedure, including memory wipe processes prior to decommissioning handsets.

When used by 'high officials', however, extra precautions are needed such as additional call and SMS encryption software for end-to-end confidentiality, periodic wiping and reloading, and banning the storage of sensitive data locally.