Unfortunately, "known plaintext" is just about the most general term you can use to describe a crypto attack; it covers a huge number of different attack scenarios.
"All SIMs could reject OTA message without Digitial Signature (DS), but this is rarely done as it brings additional pain to gsm providers. Most of the SIMs are correctly secured. Most of the SIMs accept OTA messages that are not encrypted. Some SIMs accept OTA messages that only have a correct Cryptographic Checksum (CC) and some SIMs only require a correct Redundancy Check (RC) and also require counter increase N+1. Most of the SIMs dont require any security feature and accept OTA messages without no RC, CC or DS, for example - Globul. (by marek, TODO: name the networks!)."
Sorry, I'm not a crypto guy. It seems that he sends an "Over The Air" SMS that has an incorrect signature and then always recieves a response that he already knows.
EDIT: Ok, I just read your other comment and must say that you probably understand a million times more about this than me, so disregard this comment.
