Malware has been able to do this for some time. Back in 2004 I (and many others, all independently) identified that some mobile phones (for me, most notably my beloved Nokia 6310) had a hidden bluetooth AT profile that supported unauthenticated connections.
It was quite simple to connect to and gave you effective access to a modem Hayes AT-style interface with mobile phone extensions, allowing you to download or modify address books, connect to the internet using their phone or even make phone calls.
The key thing is the monetisation. Just as with all the startups on HN, without monetisation you're effectively dealing in experimentation. With a monetisation route it all becomes worthwhile. Presumably the people who did this have some form of perceived monetisation route for the data they stole, otherwise they wouldn't have done it on quite that scale.
I wasn't trying to say phone malware didn't exist, my point was more that comparing the latest trends in Android exploits to browser exploits didn't really match up. I could have done a better job of saying that.
No worries, it's always easy to misinterpret text. Until recently there's not been a large amount of malware seen in the wild. A lot of the growth in mobile malware seems to be down to the following factors:
1) Increase in adoption of smartphones, most notably Android and iPhone
2) The general lack of, or poor abilities of software to detect intrusions on said devices
3) The lack of regular updates while relying upon skimmed down versions of major desktop apps and OSes (most notably that you can target android and iphone with the same bug, as shown earlier followed by a clear kernel bug escalation path)
4) The introduction of mobile malware into open source, commercial and blackhat exploit packs.
5) The transferability of monetisation strategies for malicious desktop compromise to the mobile market.
I'm sure I've missed more, but they're the main ones. 5 is the motivating factor, 4,3 and 2 make it easier and 1 unfortunately believe that we're approaching an unexpected variant in Dan Geer's monopoly hypothesis (see http://cryptome.info/0001/cyberinsecurity.htm for details) - and that a duopoly with shared (flawed) code doesn't appear to be much better than a monopoly.
Incidentally that stylesheet bug affects browsers across all main platforms and architectures, across pretty much every class of device (phone, netbook, laptop, desktop, workstation, server on windows, linux, osx, *bsd, Solaris, iOS, Android running on x86, x86_64, ARM and SPARC). If that's not a sign of bad things to come, then I'm not quite sure what is.
It was quite simple to connect to and gave you effective access to a modem Hayes AT-style interface with mobile phone extensions, allowing you to download or modify address books, connect to the internet using their phone or even make phone calls.
The key thing is the monetisation. Just as with all the startups on HN, without monetisation you're effectively dealing in experimentation. With a monetisation route it all becomes worthwhile. Presumably the people who did this have some form of perceived monetisation route for the data they stole, otherwise they wouldn't have done it on quite that scale.