I had a chat to a friend who's worked in the mobile industry for decades. He said that 4G phones (possibly 3G too, I don’t recall) only use the shared secret key for the initial sign-on to the parent mobile network. Thereafter, new keys are generated and stored at both ends and it's these keys that are used to authenticate the end points and bootstrap encrypted connections. New keys are re-issued at intervals, although I don’t know what the interval time is.
So whilst it would be possible to decrypt phone connections if you had your hands on the original secret Ki stored in the SIM, you'd have to record every connection between the phone and the network in order to obtain all the subsequent keys as well, and if you miss out on the initial sign-on, or any individual re-keying, then you’ll be shut out of that phone’s radio communications thereafter.
I imagine the NSA would be willing to try and do this for some target networks, but where they already have internal network access (US/UK/Five Eyes, any other network they've hacked into) it would be a lot of pointless effort.
The fake base station attack presumably works by forcing a downgrade to 2G, which is another approach, but one that requires local assets on the ground within phone range (unless you can do something with high gain antennas pointed at a specific target phone from a distance? That sounds hard, but the NSA likes hard as we know - throwing resources at something isn’t a problem for them.)
Short version: Knowing the OTA key lets you push malware to the target phone SIM which you can use to surreptitiously exfiltrate data from the phone via SMS messages, amongst other things.