The NSA can't reach out through the ether and touch your phone. Instead, they have a limited number of ways to reach your phone. The article describes only two methods: when you sync your phone via USB cable to your computer, and hacking BlackBerry's servers.
By design, when you "sync" your phone, it makes a duplicate copy of your contacts, SMS messages, and email. That's the entire point of syncing: to make a backup copy of everything on your phone. It's not really that the NSA has hacked your phone; the underlying principle here is that the NSA has hacked your desktop.
In addition, anything that the NSA didn't get via normal, allowed syncing, the NSA can get via jailbreaking. Jailbreaking is when hackers unlock phones like the iPhone so that they can install software Apple doesn't approve of. Every time I buy a new phone, the first thing I do is jailbreak and install unapproved software. Every time somebody releases a jailbreak for the iPhone, the NSA quietly copies the jailbreak into their malware. Indeed, some researchers simply sell their jailbreaks to the NSA instead of releasing them to the public.
The story hypes the NSA's powers of offense by hyping BlackBerry's powers of defense, by claiming BlackBerry's mail system "is known to be very secure". Known by whom, exactly? Can you cite a source? Any source? I'm an expert in cybersec, I know lots of experts, and nobody I know thinks BlackBerry's mail system is very secure. Indeed, it's rife with vulnerabilities, and that it's not "end-to-end" is an enormous (and well-known) security flaw. Its only benefit is that it provides an encrypted link to the corporate email server; it's that link which is "known to be secure", not the email service itself.
As an aside, searching for every use of the passive voice is one of the easiest ways to find all the flaws in a story, where the journalist is making things up or being lazy.
The actual facts of the NSA's surveillance are disturbing enough. We don't need the press to exaggerate them. Moreover, it's an issue of trust. #Snowdengate has revealed the NSA to be an untrustworthy institution (and possibly our entire government), but it's also revealing the press to be untrustworthy as well.
Update: So how would the NSA get your phone? Here are some ways:
- Through the sync process with your desktop -- but they'd need to "put a virus" on your desktop first (as described above)
- Through the Internet against a "service" on your phone -- except that your phone has almost no services that aren't filtered.
- Through the Internet against a "client" on your phone, like a browser -- which requires 0days, and that you visit their website.
- Through trojan apps on an app store -- hard not to get discovered, and they must convince you to download the app.
- Locally via Bluetooth -- probably impractical unless you pair Bluetooth with them.
- Locally via WiFi -- lots of good ways, but if they are close enough for WiFi, they are close enough for better monitoring of you.
- Locally via USB -- such as trojaned chargers at airports (which you should avoid using).
- Through an over-the-air update from the cellphone carrier like AT&T or Vodafone -- requires complicity with the carrier, which is near impossible.
- Through an update from your phone vendor -- again requires complicity with the vendor.
- Through a trojaned component on the phone -- requires bribing a chip manufacturer like Broadcom to put special features in their chips or drivers.
- Controlling your carrier's servers to get metadata -- requires either a subpoena, hacking, or bribing the support, exposing them (which indeed was done by Snowden).
- @eqe: "Exploit one of the many known 0day in the 3G baseband, leverage to APU code execution" -- in other words, hack the cell chip in the phone, which is essentially a separate computer from the rest of the cellphone. This requires fairly local access, that is, being within radio range.
- Controlling BlackBerry enterprise servers -- such as by hacking or bribing somebody.
For example, let's say that there is a suspected terrorist in Pakistan with a BlackBerry working for a large Pakistani construction firm. That firm outsources its IT to China. Therefore, the NSA bribes somebody in China to have them put a backdoor on the BlackBerry Enterprise Server. This then allows them to eavesdrop on the guy's email. It's a complicated sequence of events that comes down to "we got his phone", but what gets them there is classic spycraft that has little to do with phones.
Update: @ChrisEng points out that there's a difference between normal BlackBerry Internet Services (BIS) provided by your phone carrier, and BlackBerry Enterprise Services (BES) provided by your company. BES is the stronger set of services, where effectively your phone creates a VPN to your company, and your company controls all your emails, what apps you can have on your phone, and so on.
Update to update: the story I link above doesn't clarify BES or BIS, but the full story does clarify BES.