292
France grants police power to spy on citizens through phones
(www.techradar.com)
This is a most excellent place for technology news and articles.
https://www.techtarget.com/searchsecurity/news/252464873/Google-Triada-backdoors-were-pre-installed-on-Android-devices
Also, you're connecting to a nearby cell tower which then relays your connection to the wider web, with an exit point at your VPN provider.
If the nearby cell tower is compromised, they can try MITM attacks which might not need SSL authentication (e.g. you might have a backdoor on your device that does not require an external certificate to access it (in fact I would be surprised if it would)).
Doing this before would be illegal. Now it is legal.
MITM would break any remotely decent VPN. The article talks about being able to activate cameras and what not but offers no explanation of how. This would almost certainly require software to be installed on the target device. I don't see how this will accomplish any more than making it easier to get geolocation data.
The baseband firmware on your phone has access to all hardware resources and can be modified over the cellular connection without your cooperation or knowledge.
It can't be done by a third party without extreme effort. This requires the cell phone manufacturer to participate along with the cellular service company as well.
Sorry for the late reply but I'd just like to warn you that it doesn't take a lot of effort. It takes some time, some knowledge of programming, electronics and communication protocols and a few hundred $$$ of equipment. DIY cell phone tower