There are numerous ways in which hackers can gain access to a mobile device, though with time and methods used by earlier hackers become obsolete with time. Primarily handsets can be hacked by installing a software on the device itself (those using apps will quickly notice it), or by making the users visit a webpage which has a malware on it.
Users inadvertently also reveal information about themselves. Those who post tweets using their phones, disclose their location. Even while using apps, the users’ location is disclosed to mischievous persons. This kind of low level surveillance assumes great importance when it is directed at high value targets.
The earlier version of mobile network software also had several weaknesses, which allowed even fake base stations to operate. Such fake base stations could collect all the information about any mobile phone users, if they so desired. This flaw is not there anymore in the 3G networks.
There are also tools to decode information available on 2G networks.
Spywares, which are commercial software programmes, can take copies of everything available on the phones and record its location. All this is done, without the user knowing the spyware resides on his or her phone. They also make copies of text messages (a difficult task even for hackers).
Since getting access to the device itself is difficult (not impossible), another option might be to send an email to the users which also has a hyperlink which looks harmless in first instance, but leads the user to a malware site.
Take Zeus Mitmo for example, which installs itself on a mobile phone through an SMS which asks for a reply. It looks as if the SMS has come from the bank, so the users feel more motivated to reply to it.
Can it get any easier than this? Even games and other apps, those which disclose they are collecting information, steal more information than they should.