heres the scary part: if your phone is sms capable, you can't stop them. at least not with sprint. the only way to stop sms to your phone is to change your phone number, and even then it's just a matter of finding your new phone number. sms uses voice services, so if your phone has voice service and is sms capable, you can't but recieve anything that is sent to your phone. that would make any virus spread thru sms devastating. just food for thought. as it stands all a person needs to do to send a text message to every possible phone number is write a script that sends the text message from a computer (possible) to all 6billion possible phone numbers that exist (ten digit phone numbers, 10 billion theoretical possibilities, cant start with a 0, 1, 8, or 9, so that eliminates 4 billion, leaving 6billion possibilities, I could be wrong, correct me if I am) most of which are home telephones, which would just error out in the phone system. A text message can be sent from a computer via the web in the time it takes to send a packet. meaning, properly scripted, this task could be done in a few minutes. a text message to EVERY PHONE NUMBER POSSIBLE. affectively infecting every vulnerable phone in the country.

<scary speculations list v1.0>
1. a virus that deletes PRL (preferred roaming list) causing the phone to at best be in perpetual roaming (roaming charges out the ass) or at worst, completely worthless, unable to make or recieve calls, and constantly searching for service, causing the phone to at best run the battery down in a matter of minutes or at worst overheat and fry. Note: phones like all electronics contain electronic components capable of shorting out and perhaps precipitating an inductance loop causing electrostatic discharge or explosion, either of which could cause serious injury.
2. a worm that gathers proprietary user information and sends it to the writer, giving him pictures, email, and ISP account passwords (all of which are stored in the phone) for malicious or intrusive intent.
3. a worm that gathers phone numbers in address books and sends them to spammers and spreads thru the same means.
4. a worm that causes the phone to dial 1-900 and other toll calls (disallowed on many providers, but not all)
5. a simple virus that scrambles or deletes phone programming, including but not limited to mdn and msid (phone number and network identifier) making the phone incapable of making or recieving calls.
6. worm that collects mdns, msids, esns, many of which could be used theoretically to tap cell phones.
7. think of all the important and confidential data people keep in their pda's (credit card numbers, bank codes, pin numbers, addresses, phone numbers, appointments) now imagine that pda had a wireless connection to the web and was infected with a worm with the intentions of leaking any or all of this information to the creator. (affected devices: handspring treos, toshiba g1000s, samsung i500s, countless others.)

with the use of the MSL (master subsidy lock) easily obtainable with a simple brute force attack (6 digit decimal number, a few minutes tops.) any of these things and more are possible. I could manually do a lot of damage to a phone just with settings alone, imagine what a capable and willing individual could do with a virus. pretty much all passwords used to remotely access billing and personal information online are protected by a block, locking the account if the wrong passwords are tried too many times, but all of these are stored with only the protection of the msl, which has no such restriction and noone has a way to stop someone or even tell if someone is attempting a brute force on the msl.

to give you an Idea of how dangerous this information could be, I could take one sprint phone and program it, with the help of the msl, to act as another person's phone (one already in use) and allow you to talk using their minutes, have free internet access, buy ringers, games, screensavers, all on their dime. use unlimited readilink (coast to coast walkee talkees) and even connect a mobile phone to a computer and have wireless broadband access to the web from anywhere in the continental united states. I could do that... right here right now, without any research or looking anything up. imagine what a more determined person could do. (most of the skills I have that I would need to do this are proprietary to sprint, which is why I singled them out)