I’m very glad someone took the effort to prove this can be done, for all the denialists and optimists-to-the-point-of-criminal-negligence out there to get a grip:
“A team of security researchers has created a proof-of-concept Trojan for Android handsets that is capable of listening out for credit card numbers – typed or spoken – and relaying them back to the application’s creator.”
Source: ThinkQ article
This means that installing a single malicious “app” for your smartphone can turn it into the ultimate tool to steal any of your confidential information. Notice that anything you *say* over the phone is also suspect.
Blog post by Bruce Schneier with good links here.
The funny part with this is that the optimists will say “yeah, but it needs user permission!”, as if they know exactly where each and ever piece of software they installed on their computer/phone came from. Or as if automated remote installation of smartphone apps will not come knocking on our doors as it did for personal computers.