TL;DR
- IMSI catchers, or “Stingrays,” pretend to be cell towers in order to gather data on nearby phones.
- So far, it’s been very difficult to know if you’ve been a victim of IMSI-catcher monitoring.
- The EFF’s new Rayhunter project uses a hacked mobile hotspot to attempt to detect IMSI catchers.
Privacy advocates will often be quick to tell you: Even with the best smartphones, you’re pretty much volunteering to carry around a surveillance device. And depending on the laws where you live, it might not take much at all for law enforcement to convince a court to let them use those surveillance tools against you. But not all attempts by law enforcement to gather information from phones involve anything as explicit as eavesdropping, nor necessarily require a court’s sign-off. Now, the Electronic Frontier Foundation (EFF) is sharing a new tool for fighting back against one of those surveillance techniques.
We’re talking about IMSI (International Mobile Subscriber Identity) catchers, which you may have heard referred to by the brand name Stingray. Basically, this is hardware that pretends to be a cellular tower. Police (or whatever agency wants to use them) can set up IMSI catchers and then watch as unsuspecting phones nearby attempt to connect. Install that at something like a political protest, and you’ve got an instant list of potential targets.
While the IMSI number on its own doesn’t directly tell police your name, it’s still a unique identifier that can be tracked over time — especially if police deploy IMSI catchers in multiple locations — and could ultimately reveal your identify with help from your carrier.
Sounds bad, right? What’s an innocent smartphone user supposed to do about this kind of surveillance? We’ve heard of options like apps that can look for signs of IMSI catchers, but those tend to require root access, which is a non-starter for a lot of us. And Android 15 was working on support for detecting IMSI catchers, but requires compatible hardware and we’ve yet to actually see it in action.
The EFF suggests an alternative: A project it’s calling Rayhunter.
Rayhunter uses an open-source software package designed to look for evidence of IMSI catchers in action, running on an old Orbic Speed RC400L mobile hotspot. The great thing about that choice is that you can pick one up for practically nothing — we’re seeing them listed for barely over $10 on Amazon, and you can find them even cheaper on eBay.
There’s an installation script for Macs and Linux to automate getting set up, but once the Orbic is flashed with the Rayhunter software, it should be ready go, collecting data about sketchy-looking “cell towers” it picks up.
Right now, much of the use of IMSI catchers is still shrouded in mystery, with the groups who regularly employ them extremely hesitant to disclose their methods. As a result, a big focus of this EFF project is just getting more info on how and where these are actually used, giving protestors a better sense of the steps they’ll need to take if they want to protect their privacy.
