Rayhunter: Device to Detect Cellular Surveillance
The EFF has created an open-source hardware tool to detect IMSI catchers: fake cell phone towers that are used for mass surveillance of an area.
It runs on a $20 mobile hotspot.
Comments
Looking for love in all the wrong places • March 7, 2025 3:04 PM
I love wearing ruby red slippers and a matching handbag. It’s so choice.
Sometimes I fold a dainty napkin around my p3n1s and pretend I’m a dinosaur.
Zaphod • March 7, 2025 9:14 PM
Thanks Clive. An engaging, yet depressing, précis
Hope you are well.
Z.
Clive Robinson • March 8, 2025 2:21 AM
@ Zaphod,
Thanks for your thanks 😉
As for me in general let’s just say,
“I’m creaking along, like an old man of war, not so much stately as full a’beam and rounding up to a full reach”.
Ulf • March 8, 2025 6:09 AM
For those interesting in this kind of detection, the https://github.com/Glamdring/wiretap-detector project has mobile apps that check for it. Writeup at https://techblog.bozho.net/wiretap-detector-app-for-catching-imsi-catchers/
lurker • March 8, 2025 12:46 PM
Hardware available via Amazon or eBay? Hmmm …
Software only for Mac or Linux? Hmmm …
Clive Robinson • March 8, 2025 6:21 PM
@ lurker,
With regards,
“Software only for Mac or Linux? Hmmm…”
I’m guessing based on the article saying,
“… we do not support Windows as an installation platform at this time.”
But the GitHub saying,
“NOTE: We don’t currently support automated installs on windows, you will have to follow the manual install instructions below”
And my own experience of developing low level or hardware projects indicates that the issues are very probably not exactly “hardware technical” in nature… More a “deliberate road bump” from the organisation that makes the OS’s not effectively supporting them “at this time”.
Let’s just say the volume of “Bovine Scat” that is oft emitted by them would overwhelm a typical workshop fan.
Also the costs involved are a significant consideration if your project is of small market or effectively being given for free.
Also consider that Version 10 of the OS is effectively “EOL’d” and about to get killed off and by many reports Version 11 is not exactly “fit for Beta” let alone general release. So ask yourself,
“Do you need such nonsense and irresponsible behaviour to deal with?”
I’m also reminded about the old advice for dealing with recently dead rabidly and otherwise diseased varmints, and the minimum length of barge pole you need to use to touch them.
Clive Robinson • March 9, 2025 11:23 AM
@ Bruce, ALL,
The thing about “Cell Site Simulators”(CSS) not really talked about is that they are in reality
“Mass surveillance not targeted surveillance”
Systems, think of the CSS device as being like “cruise missiles” it is designed to carry any of many types of “payload munition”.
The argument you usually hear is that they have “targeted payloads” that have a highly localised thus small impact.
But the reality is they cost well over $1million every time you push the button “for a go”.
Thus the actual reality they do not want you thinking about and one of the reasons cruise missiles are the size and have the range they do is they were actually designed to carry a nuclear warhead as a payload.
The simple fact is a CSS grabs all info about every mobile phone not just in it’s “primary” coverage area but actually out to 5 times the “primary” radius or more just (ie 5^2 or 25 times the area). What mostly limits the coverage area is “hight” which is why they get put in aircraft, helicopters, drones, and even in the case of a proposed experiment by the UK Kent Constabulary the equivalent of a small “air ship”[1].
Consider that the technology in this CSS finder is very similar to that of a CSS in terms of technology, weight and power consumption.
More importantly it has a WiFi interface that can act easily as an “Air to Ground” interface with a little playing with antennas giving more than a 300m range to the “ground station”. As I’ve mentioned before the line of sight radio range “horizon” for an object 300m up in the air is ~60kM…
Again playing with antennas will like the use of binoculars and telescopes to improve what you see in the visual spectrum do the same for the “Radio Spectrum”.
Using two drones with two directional antennas and a “time measuring” algorithm give both direction and range with quite some accuracy.
Thus people realy need to think about the level of “Mass Surveillance” the CSS gives those who care not about legislation because they are effectively “exempt”.
For those with more worry about “targeted surveillance” the use of a CSS is entirely unnecessary.
To see why a few months back Veritasium made a YouTude video on just how easily this could be done anywhere around the globe,
https://m.youtube.com/watch?v=wVyu7NB7W6Y
Oh and consider what putting mobile phone “cell sites in space” on commercial satellites will do to make this even more “trivially simple” as you will always be within the range of one of those satellites just about everywhere mankind goes.
Or will go… Some of you no doubt heard the news that two of the three moon landings these past few days has failed due to toppling over.
It’s a shame because the latest one IM-2 was carrying a 4G LTE micro base station[2] that broadly would be similar to the electronics in the CSS finder.
When they get such a system right which they will do, it means that the next Luna Astronauts,
“Will be proceeded by cell service, so they can ‘phone home’.”
Oh and 100% surveilled upon for “Health and Safety”…
[1] The argument way back when it was made is that an airship being “lighter than air” would require very little energy to “stay aloft” thus could be up 24×7 etc. Well the advancement of technology in electric motors, high energy density batteries, and film solar cells has enabled the likes of NASA to develop electric aircraft that can stay up for longer periods of time than airships and with many other advantages.
[2] The “Intuitive Machines”(IM) “Athena”(IM-2) Spacecraft, was part of NASA’s “Commercial Lunar Payload Services”(CLPS) program.
It was carrying a number of independent project payloads. One of which was the collaboration between Nokia Bell Labs and NASA to demonstrate 4G cellular connectivity as a generic all purpose low cost high bandwidth communications system.
Known as a Network-In-a-Box Nokia’s equipment and will connect the Nova-C lander with the MAPP rover and IM’s Micro-Nova Hopper that could have had a 25kM range. It is a 4G LTE based system using “Low – Cost Of The Shelf”(L-COTS) interchangable parts. And as such would have provided considerably more data bandwidth for the cost than any other system in commercial use, as well as “easy interfacing” for any projects.
Destroyer of Alien Worlds • March 9, 2025 4:09 PM
Clive! Clive! He’s our man! If he can’t do it, no one can!
\O/
ResearcherZero • March 9, 2025 9:51 PM
Cellebrite has introduced AI into their SaaS “evidence management solution”.
‘https://www.democraticunderground.com/10143410302
Evidence too transparent, chat logs not hallucinating things people did not say?
https://archive.is/rWdYw
I am the law!
https://www.sydneycriminallawyers.com.au/blog/corruption-pervades-police-forces-in-australia-and-the-united-kingdom/
“If you’re a police officer, what incentive is there for you to actually obey the law … when you know that it is extraordinarily unlikely that if you do step over the line, anything will be done about it?”
ResearcherZero • March 9, 2025 10:06 PM
@Clive Robinson
But then Nokia laid off the experienced employees and kept laying them off, even after innovation suffered, research was not commercialized and sales kept nosediving around the world. Their mobile phone division flopped and in 2023 they let yet more people go, just so they could continue the trajectory of plummeting sales.
Others have done it. IBM and other well known businesses have decided, “why not get rid of institutional knowledge and expertise within the company and give ourselves a pay rise?”
Everyone else is doing it. ChatPHD can probably do whatever Bill does.
‘https://layoffs.fyi/
cls • March 9, 2025 11:25 PM
I’d buy a 5 pack of these. What a great idea. Sadly, this model only works on Verizon networks. Oh well.
Clive Robinson • March 10, 2025 3:59 AM
@ ResearcherZero, ALL
With regards your observations of,
1, Nokia laid off the experienced employees and kept laying them off… …just so they could continue the trajectory of plummeting sales.
2, IBM and other well known businesses have decided, “why not get rid of institutional knowledge and expertise within the company and give ourselves a pay rise?”
3, Everyone else is doing it. ChatPHD can probably do whatever Bill does.
Layoffs are generally the sign of incompetent management following ludicrous “neo-con mantra”. It’s the sort of stupidity that gets drilled into the heads of the less able as they do their well over priced and nearly useless MBA studies.
In the past I’ve mentioned that the people behind these courses that have comfortable faculty offices and write large thick books of near nonsense. Do so because they are bought and paid for by certain personality types that in effect want excuses for their gut feeling harmful behaviours. It’s the same with “certain schools” of economics… You can see this in the likes of,
‘https://www.fraserinstitute.org/commentary/death-capitalism-schumpeters-prognosis-coming-true
Where the author entirely neglects the real issues of “feudalism by rent seeking as a religion”, that has been the crutch of the “King Game” which has very recently trumped much other paid for “failures to observe reality”.
Hence we have had originating in the US the rampant diseases of,
1, Out Sourcing.
2, Off Shoring.
3, Don’t invest just divest.
4, Short term behaviour.
And the other “mantra sins” of “neo-con thinking” to the instant gratification that is claimed incorrectly to be “Shareholder value”…
In short anything that allows them to sell, borrow against, or mortgage actual assets for instant cash. The aim is to suck and squeeze the “financial lifeblood out” and “take the money and run” then “rinse and repeat” over and over. In short the mantra of
“Don’t leave money on the table/floor.”
It’s the generic behaviour of a plague of parasites or disease that “kills the hosts”, thus kills it’s self.
The thing is the figures show it’s now a veritable tsunami of debt building up that starves and kills innovation and thus industry (currently US debt is around 1.4 times GDP…).
The supposed “finance industry” and “Capitalism” are in their current forms a failure…
And what do “bad gamblers do on a loosing streak” –remember the only real wining streak is the house percentage– they,
“Double down on stupidity”.
Have a read of,
‘https://thehustle.co/originals/why-layoffs-dont-work
Under the section titled,
“Layoffs equal dwindling stock prices and bankruptcy risks”
Then have a read of,
‘https://www.theregister.com/2025/03/07/hpe_q1_2025/
And add the serial failure of HPE to your list… Because the only positive in their recent past hiding the long term general negative decline has been,
“jumping on the ‘AI Hype Bubble'”
Which has due to certain recent events shown the “AGI Hype” is “An Emperor with his ass hanging out in the public parade”.
But another example of such idiocy is Intel, and there are distinct signs that the other half of “Wintel” are again failing badly as the “rent seeking” XaaS of the Cloud does not deliver, nor does the “Pushing of turd polishing” or worse still the idiocy of current LLM “AI with everything”.
They all have a commonality of pushing “The law of diminishing returns”
As has been recently poetically said with the outing of GPT-4.5,
“ChatGPT, is now the Model-T, of AI History.”
And why the likes of
‘https://gizmodo.com/microsofts-relationship-with-openai-is-not-looking-good-2000573293
Are happening one such quip around about “Microsoft AI”(MAI) is,
“How long before MAI is rhymed with ‘Tay’ to give ‘May try’.”
Apparently even MS’s top bod CEO Satya Nadella is putting the brakes on the hype and reportedly said in a recent X Podcast interview,
“Success will be measured through tangible, global economic growth rather than arbitrary benchmarks of how well AI programs can complete challenges like obscure math puzzles.”
The thing is some have claimed with some justification, that the only growth in the US Economy has been the activity around the AI hype with $trillions sunk in… Even the “California Boat” meme of,
“A hole in the water into which you pour money.”
Does not appear to do it justice.
The funny thing for me is since the 1980’s I’ve had involvement with,
“Actually making AI work in the real world…”
With what back then were hyped-up “fuzzy logic” and “Expert Systems” and actually “stuffing them in robots” and the like.
You kind of get to see,
“An AI MO”
That whilst not exactly criminal like “Pump-n-Dump”, sure does take a lot of shirts off of investors backs… Before the tech become an “invisible part of life”.
The point is current AI LLM and ML systems are not going to actually replace workers, change work, or do most of the things many like Sam Altman are shrilly claiming.
To be only a little snarky,
“Would you let a spell checker run the economy?”
To which the reply might be “Only in America” home of the perverse capitalism “do or die” mantras.
One fun thing, somebody noted the other day that China did more to “throw the fox in the hen house” type harm to the US with “DeepSeek” than just about anything else,
(See former US Sec of State Mike Pompeo calling DeepSeek’s emergence as a “shot across America’s bow”, amongst similar OMG comments).
There are really only two questions of note,
1, How long before the hype dies down again?
2, How much human harm will the hype cause due to US neo-con short-term thinking in the mean-time?
Aaron • March 10, 2025 10:21 AM
Somebody here has to remember the movie “The Big Hit”; The Trace Buster Buster Buster scene? This is sounding like the beginning of that for cellphones.
Who? • March 10, 2025 1:15 PM
Something that works outside the United States?
For years EFF has been despising non-U.S.-citizens.
lurker • March 10, 2025 9:23 PM
@Clive Robinson
Yes, I’m well aware of why EFF might want to avoid Windows(TM), there just seemed to me to be a difference in trust in the channels, hardware vs software.
ResearcherZero • March 10, 2025 11:58 PM
@Clive Robinson, ALL
I’ll tag this under the heading of “stupidity” and read through the articles you linked.
All those mantras and economic schools of thought are about to get a real pounding.
Trump wants to end CHIPS and redirect the money towards national debt. The act drew in enough private capital to allow the U.S. to potentially produce 30% of the world’s most advanced computer chips. Before the act began to draw in more than $100 billions in investment, the United Sates had no capacity to produce advanced computer chips.
The money for the CHIPS act has already been spent and therefore unavailable for use.
Taking a sledgehammer to government like this, without any consideration for the short or long-term effects, will damage both national security and the economy. The human harm that the craziness in just the last few weeks will wreck is likely huge and immeasurable!
‘https://www.techspot.com/news/107023-trump-calls-end-chips-act-redirect-funds-national.html
How to avoid White House accountability.
https://www.heritage.org/defense/report/reforming-the-presidents-daily-brief-and-restoring-accountability-the-presentation
–
And because I’m a jerk, I’ll also have a little dig at politics:
Ignorance — Playing to the crowd to avoid accountability.
‘https://www.smh.com.au/politics/federal/dutton-deliberately-in-the-dark-on-caravan-hoax-burke-20250311-p5liki.html
An epidemic of political lying.
https://news.harvard.edu/gazette/story/2024/12/rising-epidemic-of-political-lying/
“I already know what’s happening in the world.”
Advising incumbents on national security and foreign policy:
https://www.thecipherbrief.com/column_article/intelligence-briefings-for-the-presidential-nominees
–
Fear — Wanting to be liked more than respected.
‘https://www.vanityfair.com/news/story/trump-congress-political-violence
“we want politicians who see engagement in public life as a vocation and not just a game. We want politicians who will speak the truth – even when it harms them to do so. We want politicians who respect us as citizens and not just as voters.”
ResearcherZero • March 11, 2025 1:59 AM
Epidemics, dirty bombs and immolation are not on my to-do list. I prefer healthier hobbies.
Clive Robinson • March 11, 2025 6:27 AM
@ ResearcherZero,
I tried replying in a gently humourous way…
But it got “Held for Moderation”…
Winter • March 11, 2025 7:18 AM
@ResearcherZero
Food and medicine still perishing after termination of more than 90% of USAID contracts worldwide. The aid lays unused in warehouses after aid workers were ordered to stop work.
From their words, you might get the impression the politicians in the Republican party and their people in the WH are concerned about efficiency and cost reduction in government in general, and USAID in particular.
To give context to the nature of the concerns within the Republican party, I would like to add a quote from a former Texan mayor of Colorado City Tim Boyd who expressed the feelings and opinions within the party in more clear terms:
‘https://ktxs.com/news/local/colorado-city-mayor-resigns-after-controversial-facebook-post
If you have no water you deal with out and think outside of the box to survive and supply water to your family. If you were sitting at home in the cold because you have no power and are sitting there waiting for someone to come rescue you because your lazy is direct result of your raising! Only the strong will survive and the week will perish. Folks, God Has given us the tools to support ourselves in times like this. This is sadly a product of a socialist government where they feed people to believe that the FEW work and others will become dependent for handouts.
(Emphasis mine)
This puts the policy of the current USA administration to rather leave food perish in storage than hand it out to the hungry in a new and different light.
The above quote and policies regarding USAID also give a pertinent view of the way the current ruling party wants solve the problems of Americans who struggle to get food on the table, a roof over their heads, and heat their homes.
Clive Robinson • March 11, 2025 8:11 AM
@ Winter, ResearcherZero,
That “Mayor” neglected to mention that the “people” had payed year on year for the “infrastructure” and “supply chain” they were deliberately being denied…
And that in fact he was just a “mouth piece” excusing the behaviour of those who have “bought and paid for him” he mistakenly portrays as his “friends”…
Something I’ve made comment on in the past with regards “economists” and “MBA Course Organisers” who push neo-con nonsense and put the money in their pockets thinking they are “Smart”.
He also what either he does not realise, or has forgotten to act on, is that at some point there is always “civil unrest” and it’s the “mouth pieces” that get hung up by their toes…
Oh I also mentioned a week or so back about “US Eggs” and the supposed crisis and that there were clear shenanigans going on behind it.
Well it appears I’m not the only one to notice it’s a “Con”, in fact it is a quite deliberate play by two corporates who have acquired a “death grip” on the “supply chain” of the entire US egg production,
https://www.thebignewsletter.com/p/hatching-a-conspiracy-a-big-investigation
Expect to see an awful lot more on this sort of “rent seeking” by “supply chain manipulation/control” and similar corrupt practices by “GOP Friends” and the Corps they control.
Carlos Alberto Teixeira • March 13, 2025 7:56 PM
This (excellent) article of yours has had the highly harmful effect of distracting me for over two hours from my work of proofreading reports, in which I must meet extremely tight deadlines. Besides visiting the Rayhunter website and learning about the tool, I also made the reckless decision to read the incredibly rich comments, which led me to several other sources of fascinating information.
But please know that, by no means, am I blaming you, dear Bruce. The fault for allowing myself these distractions is entirely mine.
Be that as it may, I would like to thank you for your consistently great content. I have been a fan and follower of yours for many years. In the report I am currently reviewing, from the Brazilian company Votorantim, there is a mention that you participated as a speaker at the Compliance Week event in 2024. And it was thanks to this mention that I looked you up on X and ended up reading this extraordinary article.
I send you and your family our best wishes from Niterói, Rio de Janeiro, Brazil. Greetings and best wishes, my dear Bruce.
Subscribe to comments on this entry
Leave a comment
Sidebar photo of Bruce Schneier by Joe MacInnis.
Clive Robinson • March 7, 2025 2:39 PM
@ Bruce, ALL,
With regards
“It runs on a $20 mobile hotspot.”
Such are the joys of technology where the price to capability just keeps dropping.
But you need to consider,
“Is the use of the technology actually lawful?”
Because the main thing to remember is that,
“Technology is agnostic to use.”
And that it is,
“The directing mind that choses the “use” any given piece of technology is used for.”
But also note the “usage warning” about the legality of use in any given jurisdiction… Which emphasises the point that,
“Usage as ‘good or bad’ is seen by a supposedly impartial observer at some point after the usage event.”
(Where impartiality is far from certain).
In the UK for instance you are only allowed to monitor or listen to the,
“designated public broadcast bands”
Not anything else, so you get an interesting situation of how you are licensed for non public broadcasts which covers all other EM emissions / communications as they say,
“From DC to Daylight and beyond.”
Which covers all cordless, mobile and Smart Devices not using ISM or Broadcast bands.
In effect this makes actual usage or usage intent “licensed” so you use the “HotSpot” or other equipment only for what it has been certified and licensed for, anything else is technically an offence…
Yup I know it’s a silly way to carry on, but that’s the way many countries licencing authorities work.
Even in the US this is true… Use a piece of Ham gear to work the CB frequencies is illegal as the Ham gear is not licenced for the CB band. Likewise use a cheap Chinese Ham HT that covers a lot of the VHF and UHF frequencies including GMRS and other “Family Radio Service”(FRS) and again your usage of the equipment is not licenced.
So even in the US this usage of the hotspot is “not licenced” thus technically not lawful.
But the article mentions,
As most of these “Cell Site Simulators”(CSS) are,
1, Not licenced as equipment.
2, Not licenced for use.
3, Operators are not licensed.
Their use is actually illegal by any entity not formally covered by Federal or State Legislation and quite specific Legislation / Regulation… Which means they are more often than not being used illegally as the “National Security” excuse / clause really does not apply.
But note what I’ve highlighted. It’s rather more than “intercept” in the way most might think of it, like old school passive “wire tapping”.
As I’ve mentioned before people need to look up “SMS 0” it’s just a small part of how the “Network Operator” does “Over The Air”(OTA) Interface control of the “Subscriber Interface Module”(SIM) in your device.
Your device actually does not logically “connect to the network” it connects to the SIM and it is the SIM that connects to the network.
The SIM is a fully fledged computer in it’s own right and thus it decides what your device can and can not do at any and all levels of communication.
You’ve probably all heard of CALEA well technically your SIM should in the US have a CALEA interface capability “built in” (and due to the extended OTA Interface it does).
The only thing protecting your SIM from unauthorised OTA Updates is a small amount of Encryption… In quite a few SIMs untill recently that was DES using a general “network key”. Whilst the algorithms have been updated a bit, the system they are used in has not.
As most here should be aware getting a network wide encryption key is not exactly difficult.
One way is by issuing a letter be it NSL in the US or TCL in the UK etc. Alternatively as was seen with stuxnet, people on the network suppler side usually do not take sufficient care. Thus a semi covert “Black Bag Job” will do it as well, or as with the “Greek Olympics Scandal” you just lean on an individual who has access then dispose of them afterwards.
Once that network encryption key is known, there is very little someone with “appropriate technical capability” can not do as they own you through the SIM that owns the Device you hold.
One way that has been suggested in the past is to use a mobile phone only without a SIM via WiFi etc. This did work once… But most mobile / Smart device OS’s have back doors built right in for the likes of Alphabet/Google to own your device to “own you” as “product”…
It’s time people realised that the “communications endpoint” you call a smart/mobile device is very much,
“Insecure by Design.”
thus you have to,
“Take off device mitigations.”
I’ve mentioned some before. Unfortunately as such,
‘The mitigations require a high degree of “Operational Security”(OpSec) to use.’
A part of which is,
‘Good “Key Material”(KeyMat) Management”(KeyMan).’
You only have to look at the various “faux-secure device” scams run by various LEO’s under “Mutual Assistance Instrument” that allows loop holes in one Nation’s legislation to be used by another Nations Law Enforcement in ways that would not otherwise be lawful (in the US think of the oft used running a call “off shore” so it comes under “Foreign Intelligence Surveillance Act of 1978″(FISA).
One such faux-secure device was EncroChat, and you can see the “hoops and loops” a tribunal had to jump through to make it “appear lawful”,
https://investigatorypowerstribunal.org.uk/judgement/sf-and-ors-v-nca-ipt-21-05-ch/
When,
“The authorities make it up as they go along”
And
“Can get the judiciary to ‘nod along’.”
You know you have “a tough journey ahead”.
And lookin at taking another path might be wise, even though at first it might appear harder to travel.