I wondering what legal remedies might be available. Since you bought the phone with a tacit understanding that it would be functional for some period of time, and this vulnerability could compromise your financial information, if nothing else (certainly your personal information), failure to correct it might leave manufacturers/carriers liable. But, of course, IANAL. Any IAAL's want to chime in?