All the examples of using Femtocells to create fake cell towers were done using Version units. Root access was gained by crashing during boot and getting dropped into a shell. This vulnerability has been patched, none are yet known for ATT.
Your phone mic sends data before the call is connected.
Browser connections are sent in plain text