Sprint's AIRAVE BYOB (bring-your-own-backhaul) femtocell went on sale nationwide this week. Reviews seem mildly positive; it kind of costs a bunch considering you're subsidizing Sprint's infrastructure, but it's marketed toward people who have little other choice.
I don't have one (I'm not on Sprint at the moment). But if I did, the second thing I'd do with it is to start sniffing the traffic it sends back up the wire.
But all that data would be encrypted, right? Well, maybe ... and maybe not. Since Excel files seem to be an enterprise data store of choice these days for companies handling sensitive personal information, and since telcos are not the science-fair winners of the class but more like that kid in the back that just giggles all day keeps getting his lollipop stuck in his own hair, it wouldn't surprise me if they think ADPCM is encryption.
Even if some or all of the call content is encrypted, though, one could probably learn a lot about the signaling layer of the system -- i.e., how the network identifies and talks to the phones to indicate presence or session initiation.
Why would this be useful?
Well, for one thing, it would be interesting to use the AIRAVE as a presence detection mechanism. Once I can determine that the base station has recognized a known cell phone ID, I can automate all sorts of things that are supposed to happen when I'm nearby.
Applications include home automation (open locks, turn off the alarm); media (access and/or license to all of the media I own "appears" on any connected device when I'm nearby with my cell phone, and goes away when I leave); or for commerce: my hotel reservation, preferences at a restaurant, or online search history for a retailer can cue up automagically as I enter range.