Replying to @RnDanger@infosec.exchange
@RnDanger @CyberPunker extremely unlikely. From my knowledge you'd need to use a malicious tower that the user connects to, then send a zero-click SMS exploit or something, which would require breaking the network's security now that mutual authentication of the tower is a thing.
The study appears to be about asking existing towers whether or not a known identity is connected, which is definitely still a significant tracking risk, but it's a much smaller one than the previous attacks that could just hoover up everyone in an area. (it needs to be done in real time, and you need to already know the ID you want to track beforehand. So "gather the IDs of everyone in this area" can't be done with it)