It was only a matter of time before hackers and spammers started preying upon smartphones and other handheld mobile devices. Once mobile devices and associated mobile operating systems gain enough volume to make it worth a hacker’s while to target them, IT departments and their users need to start treating the gadgets with the same security precautions as they do laptops and PCs.

Well, that volume is quickly accruing: According to Gartner, worldwide sales of smartphones running the most prevalent five operating systems will double this year, from about 53 million units in 2005 to about 107 million in 2006. The firm expects those sales to double again by 2008, when more than 212 million will ship.

And, indeed, in late August, reports of Short Message Service (SMS) phishing attacks surfaced on McAfee’s Avert Labs blog. In such an attack, described by McAfee mobile threat researcher David Rayhawk, a spammer sends an SMS message to a Microsoft Windows Mobile-enabled device “confirming” that the user has signed up for a fee-based service (in this particular case, a dating service). To “cancel” the service, the phone user is directed to visit a certain URL and download a program that is actually a Trojan horse. The malware turns the smartphone into a zombie, enabling it to be controlled by hackers. This form of attack is operating system-independent.

Security companies such as McAfee and Trend Micro provide relatively small-footprint mobile antivirus software that scans for and blocks incoming messages with malicious signatures. Trend Micro also offers antispamming software that allows you to create white lists of acceptable incoming numbers and blacklists of known “bad” numbers and to reject messages with no phone number attached to them.

Both companies have indicated that mobile firewalls are coming - and will be necessary - once the use of dual-mode smartphones heats up. McAfee already offers Firewall Mobile, shipping for Sony Ericsson UIQ devices, and says it plans future availability for Windows Mobile and Symbian Series 60.

“Today, you’re pretty well confined to a given mobile operator’s network, which has been secured,” says Todd Thiemann, director of mobile device security at Trend Micro. “But the latest slew of devices has Wi-Fi, so you’ll need to protect your device in Starbucks [and other public and private Wi-Fi service locations]. We’ll see the firewall functionality in short order.”

Joanie Wexler is an independent networking technology writer/editor in Silicon Valley.