AT&T 3G MicroCell: A Comprehensive Explorationby Brian Klug on April 1, 2010 1:55 AM EST
Why all the security?
It's obvious at this point that AT&T and Cisco are serious about this not being a hacker-friendly device. There's virtually no configuration status pages, little in the way of documentation about how the hardware talks to the AT&T network, and even less about what's going on under the hood. There's evidence of that hardware tamper switch too, which is surprising given the four or five blatantly open pin headers on the motherboard.
Of course, the there are a number of reasons. Probably first is that AT&T doesn't want you using the MicroCell in regions they aren't licensed to operate for regulatory reasons. That's partly the reason for the GPS alongside E911 verification, though there's a less insidious reason for including a it - GPS is critical for getting very precise and accurate timing signals for the radio without expensive clock hardware. The other more serious reason for both physical and network security is that there's the very real worry that end users could gain access into the packet switched core network. The femtocell is, for all intents and purposes, a Node B base station of its own, talking with a radio network controller over lub the same way bona-fide carrier towers do. The last thing any of the carriers want is this interface being cracked or reverse engineered - all kinds of bad stuff lies that way.