Dan Auerbach, a staff technologist at the Electronics Frontier Foundation, points to outdated encryption standards and the inherent vulnerabilities of the baseband processor found on modern as the makings for a security hole through which users can be exploited at large.

The situation is similar to the PC boom of the late 1990s, Auerbach says. Just as PCs were designed to communicate freely with any and all network elements at the time, the baseband processors found on many of today's smartphones interact with any base station with which they come into contact.

At the same time, "the cost of having portable base stations has decreased quite a bit," Auerbach says. This has already enabled some police-state government agencies to create false base stations to monitor cellphone communications, he added.

"So you have just kind of a fake base station, and then you get a user's cellphone to interact with that instead of the real base station," Auerbach says.

This idea is known as the "baseband apocalypse," and it is nothing new. At last year's Black Hat DC Conference, security researcher Ralf-Philipp Weinmann and warned that new tools for establishing mobile base stations will make smartphones easier to exploit than in the past, when the code for base stations was retained by the service providers that managed them.