A security researcher has demonstrated an Android based, SMS-driven smartphone botnet. Presented at this year's ShmooCon conference, the proof-of-concept shows multiple phones accepting commands from a central location, with knowledge of the commands interface.
"A botnet control scenario is presented in which smartphone bots receive instructions through sms that are processed by a proxy between the GSM modem and the application layer, making the botnet messages transparent to the user. An Android version of the bot will be shown in action, and proof of concept code will be released for multiple platforms."
Upon sending a simple SMS message to the already infected smartphones, the response in terms of the actions executed can be tailored to the needs of a malicious attacker looking to create a mobile phone based botnet for literally any kind of malicious purpose. (Here's a video of the demonstration).
What's the future of mobile malware and smartphone botnets? Sadly, the future looks bright. From social engineering driven malware infections on Android devices, to flawed from a security perspective, efficiency-driven models, malicious attackers remain perfectly positioned to capitalize on these exploitation vectors, unless the average and enterprise users become aware of them.