Exactly, it sounds as if the mitm attack wasn't based on hijacking a broadcast, but on redirecting data/voice/sms/etc. from a cracked device to a network of the attacker's choosing. The redirection wasn't based on fooling the phone into connecting , it was based on explicitly changing the network the phone connected to.
A very interesting attack, but not interesting in the sense that cdma/wimax (perhaps LTE too?) is unsafe but in the sense that there are serious vulnerabilities in the network stack for android.
A very interesting attack, but not interesting in the sense that cdma/wimax (perhaps LTE too?) is unsafe but in the sense that there are serious vulnerabilities in the network stack for android.