A security hole in older mobile phones proves that future modification of an IT product and the risk from it is no longer limited to customer actions. Developers must also consider the behavior of unknown abusers for whom their product is not intended.