Getting a text message is akin to someone sliding a piece of mail under your door: You may not have asked for it, you can't stop its delivery and you have to deal with it whether you want to or not.
The fact that text messages appear on mobile phones without any interaction from the user, and sometimes with limited interference from the cellular network operators, can give criminals an opening to break into those devices, as three teams of researchers showed Thursday at the Black Hat security conference here.
Their targets ran the gamut.
Apple Inc.'s iPhones and phones running Microsoft Corp.'s Windows Mobile and Google Inc.'s Android operating systems were all shown to be vulnerable. In some cases, the problems weren't with software, but the way cellular networks process messages.
Premium content for only $0.99
For the most comprehensive local coverage, subscribe today.
The findings are troubling as people increasingly use their phones for handling sensitive data, like e-mail and online banking.
Phones are morphing into mini-computers, which means they're going to start getting attacked like PCs.
In some respects, phones are relatively safer. Cellular carriers control their networks more tightly than anyone controls the Internet, so they're in a better position to stop new types of attacks that crop up.
Telling the difference between harmful and legitimate traffic can be tricky, though. And anonymity still is possible given the proliferation of prepaid plans that don't require long-term contracts; a carrier can trace an attack to a particular phone but not necessarily to a particular person.
The techniques demonstrated Thursday show that even disciplined and safety-conscious users could have their phones hacked because they can't totally control what's coming into them.
Innocent people could have their smart phones knocked offline, commanded to visit sites hosting pornography or viruses, or even turned into remote-controlled subordinates of a criminal gang behind an attack.