He discovered that a vulnerability existed where a Java flaw could be exploited by sending a specially-crafted over-the-air (OTA) cryptographically secured text message. SIM cards can contain phone numbers, contact information, and other personally identifiable information to the phone owner.
image: cnet asia
As it turns out, the unnamed carriers utlized the vulnerability themselves to hack into the SIM cards and patch them, thus leaving them unhackable again by the same exploit. So in this case, white-hat hacking saved the day.
Full story from ZDNet.