The iPhone's SMS vulnerability: What we learned

07.08.2009

While Apple could have saved those of us in the security community a little stress by releasing its patch before Black Hat (the researchers notified them of the issue ahead of time), it was fixed in the iPhone 3.0.1 update the next day.

This new category of attack is interesting for a number of reasons. First, SMS is ubiquitous on modern phones--for many customers, it's considered as essential as voice communications themselves. I personally struggled with the decision to keep SMS enabled after seeing the research, and decided to accept the risk until I heard of any active attacks by bad guys.

Second, since SMS is always enabled, it completely bypasses firewalls and the other security controls we're used to relying on for computers. It's a back channel that we couldn't filter even if we wanted to, unless the phone provider builds in some sort of defense itself. Since we connect these phones to our home and corporate networks, they could potentially become a back door into our protected networks.

Finally, while iPhone users are fairly used to updating their phones, this isn't necessarily as true of other brands, where a vulnerability could linger for far longer.