The iPhone's SMS vulnerability: What we learned

07.08.2009

Back when engineers first designed the GSM mobile phone network (the one used by AT&T and most global providers), they included SMS as almost an afterthought. Mobile phone networks are constantly at work even when you aren't making a call. Your phone communicates with the network continuously to keep it updated on your location (so calls can route to your phone), to receive voicemail notifications, and to know when to ring. That's why your battery drains even when you aren't making calls: technically, your phone is talking. This is known as the signaling network, and it uses dedicated radio channels separate from the ones that carry voice calls. Once the engineers had designed this back-end messaging and signaling, they decided it might be nice to also let phones send short text messages to each other, dedicated 160 characters to it, and SMS was born.

SMS is basically just another message on the signaling side of the network, one that has since been adapted for a variety of activities. When you receive a Visual Voicemail notification on your iPhone, it arrives as a kind of SMS message. On phones and networks that support multimedia messaging (MMS, which the iPhone 3.0 software supports but which AT&T did not yet offer for the iPhone), an MMS is merely a special SMS carrying the address from which your phone downloads the photo, video, or audio file. While you see the result, a voicemail or a photo/video (except on AT&T), you never see the initial message that triggers the download or other action. Your phone processes that message before you ever see it.

Charlie Miller and Collin Mulliner discovered a way of feeding signaling messages directly to a phone without sending them across the mobile provider's network. Smartphones are essentially small computers; most use a separate chip for handling wireless communications (the baseband) and a separate processor for the rest of their applications, with the actual processing of incoming messages handled by a background application on the phone. The researchers worked out how to hook the phone and inject messages into the data this application receives from the baseband, which let them test without ever sending a message over the mobile network. This kept them from running up a text messaging bill larger than that of the combined teenage population of a major city.

On the iPhone, this application is called CommCenter. It handles all of the device's communications, including Wi-Fi and Bluetooth. The researchers discovered various ways of attacking this program using SMS messages. Some attacks would merely knock the phone off the wireless network or reboot the iPhone user interface, while others could give them control of the phone. Since the phone processes these messages before displaying them to the user, nothing need be visible on the phone while it is under attack. The most serious attack took hundreds of messages and eight to 10 minutes to execute, which would drain the battery unusually fast but not necessarily show any other indication. The attack worked differently on different versions of the iPhone software, but it could be executed over AT&T's network and potentially allow nearly complete remote control of the phone. They also found vulnerabilities in Google's Android operating system and in Windows Mobile.
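To make the three points above concrete (an MMS or voicemail notification is an ordinary SMS the phone acts on before you see it; the researchers could hand such messages straight to the phone's parser instead of sending them over the carrier; and that parser, which runs before anything is displayed, is the attack surface), here is an added example of what a messaging daemon like CommCenter has to do with every incoming message. It is not code from the article or from the researchers' tools. It decodes an SMS-DELIVER PDU in the 3GPP TS 23.040 layout, walks the user-data header with every length checked, and classifies the message as plain text, a segment of a concatenated message, or a WAP push (the transport for MMS and visual-voicemail notifications, on port 2948). The `build_deliver` helper constructs PDUs locally, which is the shape of test input the researchers needed; the sender numbers, URL, timestamp and the deliberately malformed header are all constructed for this example, and the "hellohello" PDU is the standard textbook sample.

```python
"""Parse SMS-DELIVER PDUs the way a phone's messaging daemon must, before anything
is shown to the user (3GPP TS 23.040 layout).  Added example for this article, not
code from it or from the researchers' tools; sample PDUs are constructed by hand."""
import re
import struct
from dataclasses import dataclass

# GSM 03.38 default alphabet: septet value -> character.
GSM7 = ("@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ"
        " !\"#¤%&'()*+,-./0123456789:;<=>?"
        "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§"
        "¿abcdefghijklmnopqrstuvwxyzäöñüà")
WAP_PUSH_PORT = 2948  # MMS and visual-voicemail notifications arrive as WAP push over SMS


class PduError(ValueError):
    """Raised for any PDU the daemon must refuse rather than act on."""


@dataclass
class Sms:
    sender: str
    kind: str = "text"      # text | concat | wap-push
    text: str = ""
    payload: bytes = b""
    concat: tuple = ()      # (reference, total, sequence) when kind == concat
    ports: tuple = ()       # (destination, origin) when kind == wap-push


def _digits(raw: bytes, n: int) -> str:
    # Semi-octet (nibble-swapped BCD) digits; the trailing F padding is dropped.
    return "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in raw)[:n]


def _gsm7(ud: bytes, nsept: int, skip: int) -> str:
    # Septets are packed LSB-first.  After a UDH the text is fill-bit aligned, so
    # the first text septet is number ceil(8 * header_len / 7), passed as `skip`.
    value = int.from_bytes(ud, "little")
    return "".join(GSM7[(value >> (7 * i)) & 0x7F] for i in range(skip, nsept))


def parse_udh(ud: bytes) -> tuple[int, dict]:
    """Walk the user-data header, checking every length against UDHL."""
    end = ud[0] + 1
    if end > len(ud):
        raise PduError("UDHL runs past the user data")
    ies, pos = {}, 1
    while pos < end:
        if pos + 2 > end:
            raise PduError("truncated information element")
        iei, iedl = ud[pos], ud[pos + 1]
        if pos + 2 + iedl > end:
            raise PduError(f"IE 0x{iei:02X} length runs past the UDH")
        ies[iei] = ud[pos + 2:pos + 2 + iedl]
        pos += 2 + iedl
    return end, ies


def parse_deliver(pdu_hex: str) -> Sms:
    try:
        b = bytes.fromhex(pdu_hex)
        pos = 1 + b[0]                       # skip the SMSC address
        first, pos = b[pos], pos + 1
        if first & 0x03:
            raise PduError("not an SMS-DELIVER")
        ndig, toa = b[pos], b[pos + 1]       # originating address
        nbytes = (ndig + 1) // 2
        sender = _digits(b[pos + 2:pos + 2 + nbytes], ndig)
        if toa & 0x70 == 0x10:               # international number
            sender = "+" + sender
        pos += 2 + nbytes
        dcs = b[pos + 1]                     # TP-PID, TP-DCS
        pos += 2 + 7                         # ... then the 7-byte TP-SCTS timestamp
        udl, ud = b[pos], b[pos + 1:]
    except IndexError:
        raise PduError("PDU shorter than its fixed fields") from None
    seven_bit = dcs & 0x0C == 0x00
    if len(ud) < ((udl * 7 + 7) // 8 if seven_bit else udl):
        raise PduError("user data shorter than TP-UDL")
    msg = Sms(sender=sender)
    hdr_len, ies = parse_udh(ud) if first & 0x40 else (0, {})   # TP-UDHI
    if seven_bit:
        msg.text = _gsm7(ud, udl, (hdr_len * 8 + 6) // 7)
    elif dcs & 0x0C == 0x08:
        msg.text = ud[hdr_len:udl].decode("utf-16-be")
    else:
        msg.payload = ud[hdr_len:udl]
    if 0x00 in ies and len(ies[0x00]) == 3:  # concatenation, 8-bit reference
        ref, total, seq = ies[0x00]
        if not 1 <= seq <= total:
            raise PduError("concatenation sequence outside total")
        msg.kind, msg.concat = "concat", (ref, total, seq)
    if 0x05 in ies and len(ies[0x05]) == 4:  # application port addressing
        msg.ports = struct.unpack(">HH", ies[0x05])
        if msg.ports[0] == WAP_PUSH_PORT:
            msg.kind = "wap-push"
            m = re.search(rb"https?://[\x21-\x7E]+", msg.payload)
            msg.text = m.group().decode() if m else ""   # where the phone would fetch from
    return msg


def build_deliver(sender: str, udh: bytes, payload: bytes) -> str:
    """Encode an 8-bit-data SMS-DELIVER (optional UDH) as hex, ready to hand to
    the parser directly.  Timestamp and SMSC are constructed placeholders."""
    digits = sender.lstrip("+")
    padded = digits + "F" * (len(digits) % 2)
    swapped = "".join(padded[i + 1] + padded[i] for i in range(0, len(padded), 2))
    oa = bytes([len(digits), 0x91]) + bytes.fromhex(swapped)
    first = 0x44 if udh else 0x04            # SMS-DELIVER, no more messages, UDHI
    ud = (bytes([len(udh)]) + udh if udh else b"") + payload
    scts = bytes.fromhex("90708021529000")
    return (b"\x00" + bytes([first]) + oa + b"\x00\x04" + scts + bytes([len(ud)]) + ud).hex().upper()


def triage(pdu_hex: str) -> str:
    """What the daemon decides before the user sees anything at all."""
    try:
        m = parse_deliver(pdu_hex)
    except PduError as e:
        return f"rejected: {e}"
    if m.kind == "wap-push":
        return f"wap-push from {m.sender}: fetch {m.text}"
    if m.kind == "concat":
        ref, total, seq = m.concat
        return f"concat from {m.sender}: part {seq}/{total} of ref {ref}"
    return f"text from {m.sender}: {m.text!r}"


HELLO = "07911326040000F0040B911346610089F60000208062917314080AE8329BFD4697D9EC37"
MMS_NOTIFY = build_deliver("+15551234567", struct.pack(">BBHH", 0x05, 4, WAP_PUSH_PORT, 9200),
                           bytes.fromhex("010603BEAF84") + b"http://mms.example.net/m/42")
SEGMENT = build_deliver("+15551234567", bytes([0x00, 3, 0xA1, 2, 1]), b"part one")
BAD_UDH = build_deliver("+15551234567", bytes.fromhex("0005A102"), b"x")  # IE length past UDHL

if __name__ == "__main__":
    for pdu in (HELLO, MMS_NOTIFY, SEGMENT, BAD_UDH):
        print(triage(pdu))
```

The fourth sample is the kind of input a fuzzer produces: a header whose information-element length claims more bytes than the header holds. A parser that trusts that length reads past the header into whatever follows; this one refuses the message, which is the check a practitioner wants any pre-display message handler to make.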