I'm wondering if there anything I should be looking for in traffic, like, could the carrier be querying my phone for anything that it not strictly any of their business? Then again, they already get a lot of interesting data through my browsing patterns, tower connection data (=location)...
The carrier wouldn't need too - your phone is already reporting to them everything and they can contain and go through information as needed. All routing is on their side. Your cell phone is an end client device that relies on a serial number/IMSI to access network resources tied to your identity on their network.
What you should be more concerned about, with this toolset is anyone can fetch the data around them using an off the shelf phone, and within proximity of ONE tower or whatever passes your cell phone. (Bigger antenna, bigger gain = biggr net.)
Now, what's curious is if you research GSM, SMS paging channel or else - alot of this stuff is cleartext, but you'd need something good to parse the information and isolate it per phone. This was w/ QCAT.
Back in the day of CDMA2000/3G, you could see whom the tower was trying to reach, what nearest handset was communicating with the tower and to/from (numbers) of text messages.
What's fun is determining what these numbers belonged too.
