Re: Not to worry only the State is likely to use this
Not the point. There are a few parts of your comment, but they are not reaching the reality of this issue.
First, the state might do this, but doesn't have to. The state, should they want to track someone for whatever purposes, malicious or not, does not need such a flaky system to do the tracking. They don't need to crack your IMSI because the mobile company can simply tell them, and they can also make the mobile company tell them where you are. Done. If they don't want to do that, they have the hardware to deploy a fake cell tower that your phone will trust, and they have demonstrated that they don't have a problem using it. So whatever you think of a state, this particular attack is not much of a risk.
Secondly, this is not a broad category like "computer viruses" or "data collection". It's a particular attack, and one that requires a lot of knowledge and resources. I couldn't simply obtain all the components and software necessary to do this as well as sufficient knowledge for it to be useful. In addition, the exploit is being patched, hopefully soon, so nobody can do it. If a criminal group wants to track you and has the knowledge, essential for this mechanism, of roughly where you will be at what time, you have much larger problems.