In my understanding, it needs operator level access to control the modem, or is it also possible to control the model using a MITM like scenario (off the air interception). If the latter is possible, it can become all the worrisome! Any ideas?
Yeah, of course. Calls itself IMSI Catcher (the variant used by police/secret service). You can build one yourself with OsmocomBB and the rest of that open-source GSM network infrastructure stuff.
Voila, there is your operator-level access from the radio side.
