The worm exploiting vulnerabilities in “jailbroken” iPhones is isolated both by the type of device and geographically, but is a harbinger of threats to come against increasingly powerful smartphone platforms.

Security researchers have confirmed that hackers have modified the Duh worm to take control of unlocked, Internet-connected iPhones. The worm redirects the iPhone browser to fraudulent Websites designed to capture user credentials. International banking giant ING discovered the worm after finding sites mimicking its accountholder portals.

The worm has been detected only in the Netherlands, and it's only exploiting iPhones that have had their security features disabled by users—a process dubbed “jailbreaking” the devices to allow it to operate on non-AT&T networks and use unauthorized applications.

The concept of viruses and malware targeting mobile devices such as smartphones and PDAs has been around for nearly a decade. Security vendors such as Symantec and Trend Micro have offered antivirus and security applications for handheld devices since 2002. But the limited connectivity and power of these devices made them poor hacker targets.

The increasing processing power, growing number of applications, persistent connectivity and widespread adoption of devices such as the iPhone are making them more attractive to hackers. As users take advantage of embedded browsers for e-commerce, online banking and Web applications, hackers are finding a treasure trove waiting for their taking.

Research In Motion recently warned that smartphones and mobile devices, such as its BlackBerry platform, will come under attack by more frequent and sophisticated attacks. Scott Totzke, RIM's vice president of BlackBerry security, recently told the Reuters news service that hackers will likely start using smartphones as staging points for launching distributed denial of service attacks against conventional networks, as well as stealing user credentials for banking and financial accounts.

"These are not telephones anymore. These are computers. So people are going to have all the problems on their phones that they have on their computers," said Kevin Mahaffey, chief technology officer at Flexilis, a mobile security software maker, in a recent Reuters interview.

Security vendors have been predicting the rise in smartphone attacks for some time. Eugene Kaspersky, CEO of antivirus vendor Kaspersky Lab, told Channel Insider last April that threats against iPhones and other mobile devices will parallel the growth in third-party applications and distribution. As device manufacturers seek more applications for their platforms, they will have to open up their code base to developers. That, Kaspersky says, will give hackers and malicious code writers greater opportunity to develop exploits.

“My company will have a lot of work protecting mobile phone platforms. The more friendly the platforms become, the more malware will come,” Kaspersky says.

Smartphones, such as the iPhone and RIM BlackBerry, are a growing security headache for businesses that have neither the expertise nor capacity to support such devices. The Channel Insider 2009 Market Pulse Report found that end users are looking to solution providers and VARs to deliver support and maintenance services for smartphones.