More and more functionality is provided by mobile phones today; this trend will continue over the next years. However, with the increasing functionality new risks go along. This not only applies to security-critical mobile applications such as m-banking or m-commerce applications. The end user’s privacy may also be in danger or the operator may be the target of an attack. In this paper, we discuss security risks introduced by mobile phones considering the perspectives of the different parties involved in telecommunications systems. Specifically, we demonstrate those risks by means of a security hole discovered in a large number of mobile phones. The security hole can be exploited to obtain manufacturer or even operator permissions. In particular, we implemented a Java-based Trojan horse. This way, the compromised mobile phone can be used as an eavesdropping device by an attacker. All in all, this demonstrates that the risks are not only theoretical, but also real. We also sketch a...