• Jerry on PieFed@feddit.online
    1 day ago

    It’s worse than you think. An IMSI catcher is not even needed to find out what phones are in an area:

    Section 3.4.1: Presence Testing in LTE
    https://www.eff.org/wp/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networks

    Passive Presence Testing

    The simplest way to do presence testing in LTE doesn’t actually require someone to have what we usually consider a CSS (e.g. a device that pretends to be a legitimate cell tower). Instead, all that’s required is simple radio equipment to scan the LTE frequencies, e.g. an antenna, an SDR (Software Defined Radio), and a laptop. Passive presence testing gets its name because the attacker doesn’t actually need to do anything other than scan for readily available signals (Shaik et al, 2017).

    RRC paging messages are usually addressed to a TMSI, but sometimes IMSI and IMEI are also used. By monitoring these unencrypted paging channels, anyone can record the IMSIs and TMSIs the network believes is in a given area. In the next section, we’ll see how an attacker can correlate a TMSI to a specific target phone, as right now collecting TMSIs simply means recording pseudonyms.

    There are descriptions in the article of other ways to find phones without using an IMSI Catcher or fake tower.

    • NuXCOM_90Percent@lemmy.zip
      1 day ago

      What is combat? It is a system dependent on “passive” signals from phones.

      The best one can hope for is a way to sign up for broadcasts telling people to turn off their phones when the jackboots show up but that is arguably even worse for many reasons. First it involves signing up for said broadcasts (“So. Mr Anderson. Why would you sign up for ICE Alerts if you aren’t an illegal immigrant?”).

      But second it takes away all ways to coordinate a resistance. It is why so many of the big fat white guys in loose fitting Hawaiian shirts at protests are ready to give out free faraday bags to “protect people from the cops”. We outnumber the cops and the soldiers often ten or even twenty to one. But without the ability to coordinate, we all get picked off one group at a time or driven into a wall of shields and vans to be disappeared in if nobody is recording (which works a lot better if said recording is streaming to The Cloud). Take away phones and you turn The Many into The Few.

      A couple decades back I lived in a… not great part of town. And it was pretty much common knowledge that when all our cell phones (still flip phones) would lose all signal that there was a police raid about to go down. Ridiculously illegal but… who you gonna call? So if you had someone you needed to call (let a loved one know where you were… or let a buddy know to start flushing) you needed a payphone or to borrow a landline.


      I’ve been privy to some talks where we assessed things like Meshtastic as tools for the folk organizing protests and the like. In theory they are nice. In practice they are an even bigger red flag that can be easily sniffed out and used to trump up charges of premeditation and the like.

      • Chozo@fedia.io
        23 hours ago

        What is combat? It is a system dependent on “passive” signals from phones.

        I’m sure if the device or operator is struck hard enough with a hammer, it stops working.

  • NaibofTabr@infosec.pub
    1 day ago

    This is what it looked like a decade ago:

    https://abc7.com/post/investigation-law-enforcement-use-secret-devices-to-track-cell-phone-signals/421190/

    This is what’s available today:

    https://x-surveillance.com/pbic-stingray-device/

    X-Surveillance offers a Managed Service to remotely configure the Stingray Devices. Of course, remote operators who have been trained by X-Surveillance can also easily configure the PBICs from a distance.

    The PBICs are equipped with smart fully-automatic configuration and semi-automatic calibration capabilities to detect close proximity or long-range mobile devices within minutes within any spectrum.

    To detect as many mobile devices as possible, it is possible to detect 5G-Ready, 4G LTE, GSM, Bluetooth and WiFi devices with the PBIC as a Stingray Device.

    “detect”… right

  • IninewCrow@lemmy.ca
    2 days ago

    Government and security forces have been known to do this for years. Here in Canada and the US.

    This is one of the main reasons why it is suggested not to use your main phone at protest events … and instead use a secondary phone or a burner phone. Police and security forces set up fake towers at big public events to make it easier to monitor people.