Wherever I May Roam: Stealthy Interception and Injection Attacks Through Roaming Agreements

The paper shows that roaming agreements, originally meant to help operators work together, can also create opportunities for abuse by actors with access to roaming infrastructure. In that setting, an attacker can run stealthier rogue base stations, intercept traffic, or inject management messages toward a victim device.

It highlights a point that is easy to miss: some weaknesses do not come from a single software bug, but from the rules that hold the wider mobile ecosystem together.