To date, the humble mobile handset has evaded the vast majority of security threats now commonplace among PC users. But every so often security experts issue a warning about the multitude of dangers mobile phones will be exposed to at various points in the future.

This week, one such report was published by the Georgia Tech Information Security Center (GTISC), which releases an annual Emerging Cyber Threats Report based on information contributed by a variety of experts. Smartphones, mobile VoIP, m-payments and botnets were among the forthcoming threats and vulnerabilities that received a mention this year.

The GTISC reckons that the shift to an all IP mobile network architecture and growing adoption of mobile VoIP will open cellular infrastructures up to the same threats that have plagued other network architectures.

Cyber criminals will be drawn to the VoIP medium to engage in voice fraud, data theft and other scams, the security body warned, adding that Denial of Service (DoS), remote code execution and botnets will also become more problematic for mobile devices as well as a result.

“Criminals know that VoIP can be used in scams to steal personal and financial data so voice spam and voice phishing are not going away” said Tom Cross,a researcher with the IBM Internet Security Systems X-Force team. “Denial of service will also continue to be a significant threat to VoIP. If a large number of VoIP phones become infected by malware and flood a network with traffic, the results could be extremely disruptive. We expect some cyber criminals to attempt to blackmail carriers based on a DoS attack scenario,” Cross added.

As the networks evolve, so to do the devices using them, and Cross notes that when it comes to the mobile experience, the iPhone has dramatically changed the perception of what mobile devices can do. He quite plausibly expects that in addition to business users, a growing number of consumers are more likely to want the advanced capabilities of a smartphone for everything from mobile banking to iTunes access.

“While exploits targeting the iPhone have circulated publicly, I’m somewhat surprised that there haven’t been more attacks to date,” said Cross. “Financial motivation and increased adoption will increase attacks to smartphones in the years to come. As more payment infrastructure gets placed on these devices, they will become a more attractive target.”

This point was emphasised by Dave Amster, vice president of security investigations for Equifax, who forecasts that more and more financial transactions will take place over mobile devices. “Consumers are ordering credit reports from their BlackBerrys, which puts valuable information at risk. The challenge for businesses and banks is going to be maintaining secure mobile applications and ease of use at the same time,” he said.

Meanwhile, Patrick Traynor, an assistant professor in the School of Computer Science at Georgia Tech, warns that as in the PC world, malware will likely be injected onto cell phones to turn them into bots. “Large cellular botnets could then be used to perpetrate a DoS attack against the core of the cellular network,” he said. But Traynor also believes that because the mobile communications field is evolving so quickly, it presents a unique opportunity to design security properly. “An opportunity we missed with the PC,” he said.

Traynor pointed out that most people buy a new mobile device every two years, giving a much shorter life cycle than the typical PC or Windows installation, which is closer to ten years.

“The short life cycle of mobile devices gives manufacturers, developers and the security community an opportunity to learn what works from a security standpoint and apply it to devices and applications more quickly,” said Traynor. On the downside however, Traynor pointed to battery power as a primary hurdle. “If you place antivirus software on a mobile device, it will run the battery down, so mobile security will require new approaches and partnerships between manufacturers, carriers and application developers.”

The GTISC cited Google’s recently launched Android platform as a step in the right direction. Because it makes the mobile application development environment publicly available, it becomes easier for application developers to apply security to programs designed for smartphones.