"Until now mobile spyware has been aimed at the consumer market, with the promise of being able to track your loved one's every move through their phone," said Kevin McNamee, security architect and director of Alcatel-Lucent's Kindsight Security Labs, in a blog post Tuesday. "But locating teenagers and a straying spouse are only one part of the story."
"Mobile spyware in the 'Bring Your Own Device' (BYOD) context poses a threat to enterprises because it can be installed surreptitiously on an employee's phone and used for industrial or corporate espionage," McNamee said.
In order to demonstrate the risks posed by such threats, Kindsight has developed a proof-of-concept spy-phone program that can be injected into other Android applications and can provide the attacker with backdoor access to enterprise networks. He plans to present it at the Black Hat USA 2013 security conference in Las Vegas next week.
Kindsight's report also contains infection statistics for home networks, saying that 10 percent of them showed signs of malware infections. Six percent of home networks had infections with high-threat-level malware like botnets, rootkits or banking Trojans programs, Kindsight said.