I have been doing this type work for over forty years. Starting back in the days when the hardware was so primitive you had to sample the line voltage and shift bits in using software in order to assemble characters on a comm line. Your "Debunking" is naive over-confidence.
In a public, non-technical environment like DU, there are many things I can't or won't discuss for obvious reasons. I try to use non-technical articles where possible, but with enough detail for those more technically adept. Within these constraints, here goes.
If I can execute arbitrary code on your phone, I can do all the things I described and more. Guess what? Lots of ways to do that, just as there a lots of ways to do that on a PC or Mac. Of course, security holes are plugged as fast as possible, but every new feature or new device opens up new attack vectors.
SMS is limited to 160 characters per message, but multiple messages can be assembled into much larger items. Various SMS implementations have had vulnerabilities allowing buffer overruns and arbitrary code execution, often with "root" privs. The rush patch for the iPhone (3.0.1) late July 2009 fixed such a vulnerability announced the prevous day. It was a widely reported example of this type. The following non-technical article gives a little intro to the SMS issues.
http://www.macworld.com/article/142179/2009/08/iphone_sms_security.htmlA bigger problem comes from how phones handle SMS-related messages, particularly the MMS (multi-media) messages. These are little more than URL/URI links to a file on a server containing an image, video, voice, or other content. How these are processed on the phone raises the same type issues one encounters with browsers and viewers on PCs and elsewhere. Phones can also have vulnerabilities in browsers and mail.
Even a "simple" image can be an exploit these days. That spam message that got through and seemed to just contain an image might be using embedded XML or XHTML of some time to take over your system. A recent example we trapped contained a small piece of XML that defined a private color mapping system for displaying the image, with a link downloading futher code that many systems would happily execute while rendering/displaying the image -- all from just reading your mail without you clicking on anything. There are specific things like that which currently work on many cell phone environments and I expect to see more over time. (Search on "phone vulnerability", maybe adding SMS or MMS.)
There are other risks from SMS to the wireless networks, including denial of service for voice and messaging. These risks increase if large numbers of phones can be hacked, much like current PC botnets.
For those seeking more about the SMS issues, here is a link to slides from a presentation last summer at Blackhat. Much of it can be understood without significant technical background. Things have been moving quickly since then, but it is still useful.
Slides from Blackhat 2009: "Attacking SMS"
http://www.blackhat.com/presentations/bh-usa-09/LACKEY/BHUSA09-Lackey-AttackingSMS-SLIDES.pdfAny questions?