Smartphone security gap exposes location, texts, email, expert says

Just as U.S. companies are coming to grips with the threats to their computer networks emanating from cyber spies based in China, a noted expert is highlighting what he says is an even more pernicious vulnerability in smartphones.

Dmitri Alperovitch, the former McAfee cyber security researcher who is best known for identifying a widespread China-based cyber espionage operation he dubbed "Shady Rat," has used a previously unknown hole in smartphone browsers to deliver an existing piece of China-based malware that can commandeer the device, record its calls, pinpoint its location and access user texts and emails. He conducted the experiment on a phone running Google's Android operating system, although he says Apple's iPhones are equally vulnerable. "It's a much more powerful attack vector than just getting into someone's computer," said Alperovitch, who just formed a new security company, called CrowdStrike, with former McAfee chief technology officer George Kutz.