Like any other kind of endpoint device, smartphones need to be defended against network-borne attacks - that means over Wi-Fi, 3G/4G, and Bluetooth.
Smartphones don't ship with host firewall protection, so can often be pinged and port-scanned by other devices. For example, if I scan an Android (HTC) phone connected to the same WLAN, I can find it listening to ICMP ping. If I scan an iOS4 (iPod, iPhone, iPad) device connected to the same WLAN, I can find it listening to ping AND the iPhone sync port. All listening services present opportunities for attack; installing a host firewall on your smartphone can deter this.
Smartphones also have vulnerabilities that are network-type specific. A large number of Bluetooth vulnerabilities and exploits are described here, many of which can be employed against Bluetooth-enabled smartphones: http://airodump.net/bluetooth-security-vulnerabilities
When it comes to Wi-Fi, smartphones share many of the same vulnerabilities associated with other kinds of Wi-FI devices. For example, they can be tricked into connecting to Evil Twins and fall victim to application man-in-the-middle attacks (phony web servers, phony mail servers). MitM can be used for identity theft (by grabbing logins and passwords) or it can be used to try remote exploits. For example, Metasploit modules can be used to launch Android XSSF, iPhone Safari, and iPhone MobileMail exploits against smartphones. To search the many vulnerabilities reported in mobile devices, visit http://cve.mitre.org
Another less obvious Wi-Fi vulnerability found in many smartphones concerns how they manage Wi-Fi (re)connections. For example, your iPhone may well be probing for SSIDs (wireless network names) you connected to in the distant past. However, you will not see them in the "Choose a network" list if no nearby WLAN is currently beaconing that SSID. This can result in accidental reconnection to a previously-used Wi-Fi hotspot, followed by auto-synchronization of email and calendar data over an unencrypted network. For more discussion, see this AirWise post: http://bit.ly/mjx9o4
These are just a few of the ways in which smartphones are vulnerable to wireless attack.