HTC users may have reason to be nervous about the safety of their personal information, after security firm MWR InfoSecurity revealed a HTC phone can be used as a remote bugging device.

The alarming discovery was revealed at last week's Black Hat Security Conference in Dubai according to Secure Computing Magazine.

MWR InfoSecurity did not reveal which HTC device is vulnerable and how the security flaw could be harnessed by hackers. But the firm's principal information security researcher, referred to only as 'Nils', said the phone's owner would be completely unaware their device had been compromised. It is implied that the flaw could be exploited remotely, without the need to physically access the phone.

''A user would never know that every word they were saying was being recorded and transmitted back to the attacker and the attack (once executed) would be trivial to perform,'' he said.

In August, MWR revealed that the Palm Pre could also act as a remote bug, with a specially crafted message all that was required to completely compromise the phone's operating system. The firm also pointed out a vulnerability in Google's Android platform that allowed login credentials and cookies to be stolen.

Nils pointed the finger of blame for mobile security flaws at both manufacturers and mobile carriers.

''Mobile phone and network providers have got to ensure security is a central component of the design and software provided. The situation is serious enough for MWR to recommend that users should review what personal information, bank details, passwords and identity information is stored on their phone,'' he said.

He said the situation was being made worse by the inability of manufacturers to ''push'' security fixes to end-users, as would be the case in a desktop computing environment.