And isn't the message encrypted before it gets to the baseband?

> malicious wifi operators

Malicious GSM operators as well.

"Fake cell towers" are rampant across America and operate without warrants. Thats why the police are trying to hard [0] to protect their existence. There is a new project today announced to track all the IMSI catchers around America: https://www.indiegogo.com/p/1016404

These tend to be used to track locations of people but they can also be used to intercept SMS and mobile internet traffic.

[0] http://www.baltimoresun.com/news/maryland/baltimore-city/bs-...

How would you see a baseband attack in the wild without access to the baseband? It is a circular problem. The main issue is "we just don't know," the baseband is unverifiable from a security standpoint.

German police and intel agencies sent 440,000 sms type0/stealth attacks to trace phones last year, FBI sent an OTA to a suspects internet stick to broadcast his location, and something shady is going on at airports according to Cryptophone GSMK who's radio 'firewall' goes off whenever you get near an airport. Besides that Samsung backdoor found by Replicant Mod that has access to /data and /sdcard haven't heard of other directed attacks yet.

Of course google can install whatever they want on your device if given a NSL including a modified WhatsApp that sends in plaintext straight to the police everything you type but haven't heard of that yet either.

Since Facebook makes money harvesting data wonder if WhatsApp grabs advertising keywords first then sends via textsecure layer.

good luck detecting baseband attacks in the wild. i hope you've got a transceiver with you and a rainbow table for cracking the A5/1 etc on your cell link.