Whitepaper discussing how to not get man-in-the-middled at Defcon / Blackhat. Attackers in position to carry out Monkey-in-the-Middle against CDMA2000 links between customer stations and their carrier BTS equipment can leverage silent push PRL updates to apply a routing list preferring paths through malicious “tower(s)” carrying the subscriber voice and data traffic under threat. The use of a specific PRL version Zero (0), aka Preferred Roaming List Zero Intercept Attack, implements the rogue tower associations with least potential interference to legit carrier bands and devices present in broadcast domain of attack.
You can download it from the following link: https://packetstormsecurity.com/files/download/127750/preferred-roaming.txt
Source: https://packetstormsecurity.com/files/127750/The-Preferred-Roaming-List-Zero-Intercept-Attack.html