It's not often that Android's fragmentation is touted as a benefit, but the fact that Android isn't a monoculture is certainly one of the hurdles to developing a worm capable of mass deployment. Supposedly the varying implementations of the Android media services mean a libstragefright exploit may or may not end up with root access.
Now, if this were an iOS zero-day exploit...
[Actually, it'd be trivial for the carriers to filter the payload, so I don't reckon SMS/MMS is ever going to be a viable transmission vector.]
Yes, I believe the payload have to be tailored pretty much exclusively for each type of device. But, I doubt that would stop anyone trying. Company phones are often the same type and model, someone with a certain target in mind could probably put in the hours.
do carriers already have a mechanic in place to trigger precautions a message matching worm-like patterns (similarity, mass transmission)? or would they have to implement one after it's too late?
Now, if this were an iOS zero-day exploit...
[Actually, it'd be trivial for the carriers to filter the payload, so I don't reckon SMS/MMS is ever going to be a viable transmission vector.]