Freely subscribe to our NEWSLETTER

The warning comes after a iPhone jailbreaking group called Comex claims to have developed Frash, an unauthorised version of Adobe’s Flash player that runs on the Apple iPad, and is now being ported to the increasingly popular iPhone 4.

"Jailbreaking refers to the act of cracking a vendor’s smartphone operating system to allow it to work with almost any mobile network and, as you might imagine, it’s frowned up on by the cellular carriers as it drives a steamroller through their handset subsidy schemes," said Barmak Meftah, Fortify’s chief products officer.

"Whilst Frash may look attractive to iPhone 4 and 3GS users wanting to surf to extra Web sites, the reality is that to install this software, users will have to jailbreak their handsets, so allowing the loading of apps from almost any source," he added.

And as Fortify has said many times, whilst Apple monitors the iTunes store closely for rogue apps, the same is not true for open source and third-party iPhone apps, which can be tampered with by hackers and then offered for free download.

Everyone, he explained, loves free software for their mobile phone and, as a result, the normal guard that people have when viewing Web sites promising free software for their desktop or laptop computer tends to be lowered when it comes to their iPhone - or any other smartphone, come to that.

"There is an interesting article in the Sunday edition of the Los Angeles Times (http://bit.ly/cQj4dD) which says that hackers can learn a lot from a users’ mobile phone number using relatively low level hacking techniques," noted Meftah.

The most interesting comment in the piece, however, comes from a security researcher quoted in the paper as having developed a `nasty little application’ called TXSBBSPY.

The program, says Fortify’s chief products officer, turns a users’ Blackberry into a remote surveillance station, with the smartphone owner as the target.

As the researcher says in the feature, the app allows the remote user to read text messages on the Blackberry, listen to voicemails and also turn the handset into a remote eavesdropping device.

"In the LA Times feature, the researcher - Tyler Shields - says that we’re still living in the late 1990s when it comes to security on handsets, adding that the situation is similar to days before people knew to put antivirus software or firewalls on their computers," he said.

"And it’s against this backdrop that we urge smartphone users to think very carefully before downloading an app for their handset from an untried or unknown source, no matter how attractive the free app looks," he added.

"You wouldn’t be so silly to download a `free version’ of MS-Office from a Ukrainian Web site to your desktop PC, so why do the same for your smartphone? Think before you click and download."