At EFF we spend a lot of time thinking about Street Level Surveillance technologies
—the technologies used by police and other authorities to spy on you while you are going about your everyday life
—such as automated license plate readers,
facial recognition,
surveillance camera networks,
and cell-site simulators (. #CSS ).

Rayhunter is a new open source tool we’ve created that runs off an affordable mobile hotspot that we hope empowers everyone,
regardless of technical skill,
to help search out CSS around the world.

CSS
(also known as #Stingrays or #IMSI #catchers)
are devices that masquerade as legitimate cell-phone towers,
tricking phones within a certain radius into connecting to the device rather than a tower.

CSS operate by conducting a general search of all cell phones within the device’s radius.

Law enforcement use CSS to pinpoint the location of phones
often with greater accuracy than other techniques such as cell site location information (CSLI)
and without needing to involve the phone company at all.

CSS can also log International Mobile Subscriber Identifiers (IMSI numbers) unique to each SIM card,
or hardware serial numbers (IMEIs) of all of the mobile devices within a given area.

Some CSS may have advanced features allowing law enforcement to intercept communications in some circumstances.

What makes CSS especially interesting, as compared to other street level surveillance, is that
so little is known about how commercial CSS work.

We don’t fully know what capabilities they have
or what exploits in the phone network they take advantage of to ensnare and spy on our phones, though we have some ideas.

We also know very little about how cell-site simulators are deployed in the US and around the world.

There is no strong evidence either way about whether CSS are commonly being used in the US to spy on First Amendment protected activities
such as protests, communication between journalists and sources, or religious gatherings.

There is some evidence
—much of it circumstantial
—that CSS have been used in the US to spy on protests.

There is also evidence that CSS are used somewhat extensively by US law enforcement,
spyware operators, and scammers.

We know even less about how CSS are being used in other countries,
though it's a safe bet that in other countries CSS are also used by law enforcement.

Much of these gaps in our knowledge are due to a lack of solid, empirical evidence about the function and usage of these devices.

Police departments are resistant to releasing logs of their use,
even when they are kept.

The companies that manufacture CSS are unwilling to divulge details of how they work.

Until now, to detect the presence of CSS, researchers and users have had to either rely on Android apps on rooted phones,
or sophisticated and expensive software-defined radio rigs.

Previous solutions have also focused on attacks on the legacy 2G cellular network, which is almost entirely shut down in the U.S.

Seeking to learn from and improve on previous techniques for CSS detection we have developed a better, cheaper alternative that works natively on the modern 4G network.

https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying

Electronic Frontier Foundation · Mar 4Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular SpyingRayhunter is a new open source tool we’ve created that runs off an affordable mobile hotspot that we hope empowers everyone, regardless of technical skill, to help search out cell-site simulators (CSS) around the world.

**Speckdäne** @Speckdaene@nrw.social · Mar 26

Mar 26

Speckdäne @Speckdaene@nrw.social

#EFF A New Tool to Detect Cellular Spying #IMSI #IMSIcatcher https://supporters.eff.org/civicrm/mailing/view?reset=1&id=12895

supporters.eff.orgA New Tool to Detect Cellular Spying | EFFector 37.3

**mistersixt** @mistersixt@kanoa.de · Mar 6

Mar 6

mistersixt @mistersixt@kanoa.de

#Rayhunter works by intercepting, storing, and analyzing the control traffic between the mobile hotspot Rayhunter runs on and the cell tower to which it’s connected. Rayhunter analyzes the traffic in real-time and looks for suspicious events, which could include unusual requests like the base station (cell tower) trying to downgrade your connection to 2G which is vulnerable to further attacks, or the base station requesting your #IMSI under suspicious circumstances. #EFF

https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying

**PrivacyDigest** @PrivacyDigest@mas.to · Mar 5

Mar 5

PrivacyDigest @PrivacyDigest@mas.to

Meet #Rayhunter: A New #OpenSource Tool from @eff to Detect Cellular #Spying

#CSS (also known as #Stingrays or #IMSIcatchers) are devices that masquerade as legitimate cell-phone towers, tricking #phones within a certain radius into connecting to the device rather than a tower.
#privacy #security #surveillance #imsi #cellphones #celltower

https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying

**Einstein^Diogenes** @azuresaipan@defcon.social · Feb 28 *

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Feb 3 *

Feb 3 *

Kevin Karhan @kkarhan@infosec.space

@tauon

1) #CloudAct is just #CyberFacism, look it up!
https://en.wikipedia.org/wiki/CLOUD_Act

And with #Trumpism ravaging the #USA must be considered as #hostile as #Russia and the "P.R." #China by anyone who takes #OpSec, #InfoSec & #ComSec seriously!

2) @signalapp 's #Server code is proprietary and since it's centralized we can't trust that the code they release is what's running on their backend!

Plus their #App doesn't allow #ReproducibleBuilds (if Signal was #FLOSS it would be on @fdroidorg / #Fdroid) but alas it isn't!

3) #Signal still demands #PhoneNumbers which are #PII either by association (#Number => #ICCID = #SIM = #IMSI => #IMEI => Location Data as I explained before twice) or mandatory #KYC / #ID requirements (even on prepaid cards), which an increasing amount of juristictions do...

They have no "#LegitimateInterest" demanding said #PersonallyIdentifyingInformation to begin with!

But don't take my word for it.
https://www.youtube.com/watch?v=tJoO2uWrX1M

Ask yourself if you'd trust someone peddlibg #Shitcoin #Scams like #MobileCoin with your data!

en.wikipedia.orgCLOUD Act - Wikipedia

#shitcoin #scams #mobilecoin

Replied in thread

**Marcus Regenberg | marreg** @marreg · Jan 26

Jan 26

Marcus Regenberg | marreg @marreg

@PC_Fluesterer

Hier noch ein sehr sinnvoller Tipp: Es laufen gerade bei Demonstrationen sogenannte #IMSI-CATCHER → https://en.wikipedia.org/wiki/IMSI-catcher

Um wirkliche Sicherheit zu haben, sollte man das Gerät ausschalten und zusätzlich wie ein Butterbrot in Alufolie einpacken.

Danach hält das Ding auch wirklich den Mund, kann auch nicht mehr geortet werden ...

Besten Gruß

en.wikipedia.orgIMSI-catcher - Wikipedia

**Jiko Rojino** @jikodesu@mastodon.social · Jan 21 *

Jan 21 *

Jiko Rojino @jikodesu@mastodon.social

Malaysian supplier of text scam device nabbed in Philippine cybercrime crackdown. The suspect, identified as Thiang Choon Wee, is believed to be the head of a syndicate that has been supplying IMSI (International Mobile Subscriber Identity) catchers used in text scams.

#Philippines #Asian #Malaysia #TootSEA
#ABSCBN #Fraud #Scam #Crime #IMSI #SMS #Text #CyberSecurity @pinoy

https://www.abs-cbn.com/news/nation/2025/1/21/ph-arrests-malaysian-tagged-in-text-scams-1116

**waeum bin ich hier** @warum@mastodon.social · Jan 8

Jan 8

waeum bin ich hier @warum@mastodon.social

Wie schütze ich mich vor #IMSI-Catcher ?
#snoopsnitch wurde im #f-droid store zuletzt vor 3 Jahren aktualisiert und funktioert bei mir nicht

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Nov 12, 2024 *

Nov 12, 2024 *

Kevin Karhan @kkarhan@infosec.space

@halva @lynn @signalapp @deilann

The problem is one needs to literally acquire a phone number and have access to it, and the demand of a phone number itself is bad. This makes it unnecessarily complex and expensive compared to using @monocles / #monoclesChat.
(Cuz if I've to pay to communicate, I might just choose a provider that isn't a #VC #MoneyBurningParty but a long-term sustainable solution based off #OpenStandards!)

I'm sorry for your location. My sincere condolences!

Still, #Signal doesn't allow #SelfCustody of all the keys & #SelfHosting, which makes it vulnerable as a #proprietary #centralized, #SingleVendor & #SingleProvider solution.

Just because @Mer__edith isn't having #Roskonmadnozr pointing a gun at her head doesn't mean she'd risk jail for a user when push comes to shove.

And with #CloudAct on one hand and #Trump wanting to "Speedrun Hitler", I'd not rely on Signal.

The "Metadata" #FUD is just a marketing bs because Signal will comply with warrants, whereas nothing prevents me from buying a Thin client, setting up an #OnionService to tunnel everything over @torproject / #Tor and rig it to disconnect power if tampered with or upon command.

I have setup comms for critical operations (incl. helping people flee Russia!) and I'd rather choose #OnionShare over #Signal if #Metadata is a real concern.

Internet Access, even in "P.R." #China, is something feasible to workout given the massive prevalence of public #WiFi. Also it's easier to spoof/anonymize a MAC than an #IMEI or even #IMSI, so making one dependent on #PhoneNumbers to even sign up is inherently bad!

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

#phonenumbers #china #wifi

**Aktion Freiheit statt Angst** @aktionfsa@mastodon.social · Sep 9, 2024

**PrivacyDigest** @PrivacyDigest@mas.to · Aug 27, 2024

Aug 27, 2024

PrivacyDigest @PrivacyDigest@mas.to

Backyard #Privacy in the Age of #Drones

In addition to high-resolution photographic and video cameras, police drones may be equipped with myriad #spying payloads, such as live-video transmitters, thermal imaging, heat sensors, mapping technology, automated license plate readers, cell site simulators, cell phone signal interceptors and other technologies.
#alpr #imsi #stingray

https://www.eff.org/deeplinks/2024/08/backyard-privacy-age-drones

Electronic Frontier Foundation · Aug 27, 2024Backyard Privacy in the Age of DronesPolice departments and law enforcement agencies are increasingly collecting personal information using drones, also known as unmanned aerial vehicles. In addition to high-resolution photographic and video cameras, police drones may be equipped with myriad spying payloads, such as live-video transmitters, thermal imaging, heat sensors, mapping technology, automated license plate readers, cell site simulators, cell phone signal interceptors and other technologies. Captured data can later be scrutinized with backend software tools like license plate readers and face recognition technology. There have even been proposals for law enforcement to attach lethal and less-lethal weapons to drones and robots.

**Aktion Freiheit statt Angst** @aktionfsa@mastodon.social · Jul 25, 2024

**Aktion Freiheit statt Angst** @aktionfsa@mastodon.social · Jul 24, 2024

Jul 24, 2024

Aktion Freiheit statt Angst @aktionfsa@mastodon.social

Niemand bleibt mit Handy unbeobachtet
"Deine MAID reicht uns völlig"
Mehr dazu bei https://netzpolitik.org/2024/databroker-files-firma-verschleudert-36-milliarden-standorte-von-menschen-in-deutschland/
a-fsa.de/d/3BQ
Link zu dieser Seite: https://www.aktion-freiheitstattangst.org/de/articles/8849-20240724-niemand-bleibt-mit-handy-unbeobachtet.html
Link im Tor-Netzwerk: http://a6pdp5vmmw4zm5tifrc3qo2pyz7mvnk4zzimpesnckvzinubzmioddad.onion/de/articles/8849-20240724-niemand-bleibt-mit-handy-unbeobachtet.html
Tags: #Datenhandel #MAID #mobileadvertisingID #GAFAM #Google #Apple #Smartphone #Handy #IMSI-Catcher #Standortdaten #Verbraucherdatenschutz #Datenschutz #Datensicherheit #Datenskandale #Bewegungsprofile #Persönlichkeitsprofil #Werbeindustrie #intimeOrte

**Benjamin Carr, Ph.D.** @BenjaminHCCarr@hachyderm.io · Jul 14, 2024

Jul 14, 2024

Benjamin Carr, Ph.D. @BenjaminHCCarr@hachyderm.io

#eBay Removes Listing for #StingRay #Cellphone #Spying Tech
StingRay listed at $100,000 before being removed for violating the platform’s policy on not #surveillance equipment. Listed as “Harris Stingray Cellular Phone Surveillance w/ Power Cord & Rolling Case - USED.
This StingRay may not be able to spy on modern phones. StingRays, and more broadly #IMSI-catchers, of which StingRay is a specific model, have been used by #lawenforcement in #US to track cell phones.
https://www.404media.co/ebay-removes-listing-for-stingray-cellphone-spying-tech/

**Benjamin Carr, Ph.D.** @BenjaminHCCarr@hachyderm.io · Jul 4, 2024

Jul 4, 2024

Benjamin Carr, Ph.D. @BenjaminHCCarr@hachyderm.io

The Next Generation of #Cell-Site Simulators (CSS) is Here. Here’s What We Know.
CSS, also known as #IMSI catchers, are among #lawenforcement’s most closely-guarded secret #surveillance tools. They act like real #cellphone towers, “tricking” mobile devices into connecting to them, designed to intercept the information that #phones send and receive, like the location of the user and metadata for #phone calls, text messages, and other app traffic.
https://www.eff.org/deeplinks/2024/06/next-generation-cell-site-simulators-here-heres-what-we-know #privacy #EFF

**Andreas Fischinger** @afisch@mastodon.social · Jun 27, 2024

Jun 27, 2024

Andreas Fischinger @afisch@mastodon.social

Da hat wohl jemand versucht, ein #Stingray #IMSI Catcher zu verkaufen, wenn auch älteres Modell… Ob mir @FlohEinstein mal seinen zum Testen ausleiht? https://web.archive.org/web/20240624072838/https://www.ebay.com/itm/404933396019#ABOUT_THIS_ITEM #cybersecurity

eBayHarris Stingray Cellular Phone Surveillance w/Power Cord & Rolling Case - USED | eBayAll units are sold without manufacture warranty information. (Refer to pictures provided). Includes Only Parts Displayed In Pictures. Sold As Is.

Recent searches

Search options

Administered by:

Server stats:

#imsi