This is a different reality when we think about PCs where it is much harder to find the IP or MAC of a specific target. The phone numbers identify ourselves and an address to reach or mobile phones that may be vulnerable. It is actually an interesting aspect to pay attention security-wise.

But as you mention, the fail point is on the application or in the system (to let a malicious code be downloaded without confirmation) of the mobile phone.

At last, the telecom network is a more surveilled one, more controlled. It is probably possible, but I’ve never heard of a malicious SMS Dos attack or similar.