This wiki is about the SFR Home 3G femtocell.
The purpose of this wiki is to allow others to verify our research, enable more security testing, and provide tools for further research in the 3G/UMTS field. It would also be great to be able to use this device for your own telecommunication network, similar to OpenBSC, even though this is unlikely to happen for various reasons.
All the findings only cover the first SFR femtocell (as depicted on the right), which uses the G2 board from Ubiquisys.
Numerous GPL software is used. The operator fails to mention it on the product or provide the source, but the vendor was kind enough to hint us to their repository.
flashing the device: Femtocell: Femtostep to the Holy Grail
using a compromised femtocell: Femtocells: a Poisonous Needle in the Operator's Hay Stack (notes)
You can find the videos of the demonstration presented in the conferences.
If you would like to send us bug reports, comments, questions, please contact us at via email.
The same is valid if you want to contribute to this wiki and need an account.