There would have to be a buffer overrun in the text message handling code plus a way to exploit it in 160 characters. That sounds difficult, unless I'm wrong about the fact that the carrier enforces the limit.
I could maybe see doing it with MMS or iMessage. The more I think about it, the more interesting this question is...
Has anyone heard of any exploitable flaws in a phone's SMS software?
It's not just buffer overruns that can cause issues. You can crash the font display system by sending characters that aren't handled properly. You may also be able to direct the phone to download a hacked firmware update via SMS (AIUI carriers sometimes use specially-coded SMS messages to tell phones to update their software, PRL, etc.).
On Windows Mobile 6.0, you could send WAP pushes that linked to signed apps which would auto-execute/install.
Right now, there aren't any vulns which are similar in danger that I am aware of. SMS isn't a super friendly medium for stack manipulation, and most modern mobile OSes implement ASLR.