GnomerMar 26, 2025
BrianKrebs

The Electronic Frontier Foundation has released an open source project called Rayhunter. It is designed to run on an inexpensive (~$20) mobile hotspot and look for signs of mobile spying devices called cell-site simulators. Also known as Stingrays or IMSI catchers, they masquerade as legitimate cellphone towers, tricking phones w/in a certain radius into connecting to the device rather than a tower.

https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying

Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying

Rayhunter is a new open source tool we’ve created that runs off an affordable mobile hotspot that we hope empowers everyone, regardless of technical skill, to help search out cell-site simulators (CSS) around the world.

Electronic Frontier Foundation
Mar 26, 2025 at 1:10pmWeb
Show threadSraarsMar 26, 2025
@briankrebs Perhaps a weekend project.
Show threadbitzeroMar 26, 2025
@briankrebs
Very nice. Now I wonder if/when the code will be ported to other pocket routers. And maybe also not-so-pocket ones.
Show threadProto Himbo EuropeanMar 26, 2025

@briankrebs Serious questions for semi-technical person:

  • Is it necessary to get an "unlocked" model of the Orbic device?

  • Are they all Verizon?

    • Show threadskimMar 26, 2025
    @guyjantic @briankrebs https://github.com/EFForg/rayhunter/issues/112#issuecomment-2731135631
    Is this for the Verizon locked model only? Which MPNs? · Issue #112 · EFForg/rayhunter

    The readme states Orbic RC400L but on Ebay most of these are Verizon locked. The few unlocked one's have an MPN of ORB400LBVZRT, a list of Orbic MPNs this is tested to work on would be nice.

    GitHub
    Show threadProto Himbo EuropeanMar 26, 2025
    @skim @briankrebs Man, I Love you folx.
    Show threadMick T.   Mar 26, 2025
    @guyjantic @briankrebs Mine has the Verizon firmware but does not appear to be locked, it's working fine with another carrier's SIM card
    Show threadProto Himbo EuropeanMar 27, 2025
    @mick_talbott Nice! I've ordered one. I'm going to try this. I can't imagine there are any stingrays or whatever in my tiny rural town, but it would be really weird and interesting if there were.
    Show threadFeohMar 26, 2025
    @briankrebs I don not need one of these but WOW am I glad this device exists!
    Show threadderptronMar 26, 2025
    @feoh @briankrebs You don't want to know if someone's spoofing your cell connection?
    Show threadFeohMar 26, 2025

    @crazyeddie

    You mis-understand.

    There is a lmit to how many incursions one can ward ones self against every minute of every day.

    I treat cellular comms like broadcast anyway, and so as I said, while I am VERY glad this exists, I do not feel the need to carry one at all times.

    Show threadBillMar 26, 2025
    @briankrebs I built one. Haven't found a stingray yet, thought I know CPD and the Sheriff have some.
    Show threadLockpick ExtremeMar 26, 2025
    @Sempf @briankrebs same. Putting it in my car so I can test a greater number of places
    Show threadHuldraMar 26, 2025
    @briankrebs And it's written in rust! https://github.com/EFForg/rayhunter
    GitHub - EFForg/rayhunter: Rust tool to detect cell site simulators on an orbic mobile hotspot

    Rust tool to detect cell site simulators on an orbic mobile hotspot - EFForg/rayhunter

    GitHub
    Show threadRobMar 26, 2025
    @briankrebs there's a.good article on detection of rogue cell towers, on Hackaday from 2016 https://hackaday.com/2016/08/09/how-to-detect-and-find-rogue-cell-towers/
    How To Detect And Find Rogue Cell Towers

    Software defined radios are getting better and better all the time. The balaclava-wearing hackers know it, too. From what we saw at HOPE in New York a few weeks ago, we’re just months away fr…

    Hackaday
    Show threadbenjamin melançonMar 26, 2025
    @briankrebs one thing that is not clear in EFF's writeup— to use these, one needs to pay for a separate cellphone line? (Or pre-paid SIM cards i guess?)
    Show threadEdMar 26, 2025
    @mlncn @briankrebs Works without any need for an account or SIM.
    Show threadTJMar 26, 2025
    @briankrebs very cool!
    Show thread🐜Mar 26, 2025
    @briankrebs can we make our own 2 with spare old WAPs & wifi routers?
    Show threadMatthew BrewerMar 26, 2025
    @briankrebs I got my orbic in the mail last week! I need to sit down and set it up. I plan to loan it to anyone going to a protest, as well as take it when I go.
    Show threadderptronMar 26, 2025

    @briankrebs I rather like the idea of constructing something from a Pi and qualcom hat, but I see zero tests here :p How would I even know it's working?

    Granted, I'm not familiar with rust patterns of development. But there are no test directories or test_ files or anything...

    How do they verify it themselves I wonder.

    Show threadVissMar 26, 2025
    @briankrebs ive seen this news and im desperate to see what happens when it catches one
    Show threadPhillip Mar 26, 2025
    @briankrebs @stux Copped a brand new one for $11 on eBay. A new toy (and increasingly important tool) to look forward too!
    Show threadKelly MacNeillMar 26, 2025
    @briankrebs this is cool but what do you even do if you detect one. i feel like the people using these devices aren’t going to yield to a sternly worded letter.
    Show threadEdMar 26, 2025
    @pyromuffin @briankrebs You share the results
    Show threadEric FeldhusenMar 26, 2025
    @briankrebs I’m thinking of making one of these to see what I find around me.
    Show threadRihards OlupsMar 26, 2025
    @briankrebs Ooooh. Too bad it doesn't run on Huawei devices. I have a couple unused ones laying around.
    Show threadyomnaMar 26, 2025
    @briankrebs If folks want to learn more about the cellular attacks behind IMSI-catchers/etc, here's a technical primer I wrote for EFF in 2019: https://www.eff.org/wp/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networks
    Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell Networks

    Table of ContentsSection 1: Introduction Section 2: Necessary background info Section 3: Overview of attacks Section 3.1: Basic IMSI-catcher Section 3.2: Communication interception Section 3.2.1: Spoofing authentication Section 3.2.2: Dealing with encryption Section 3.2.3: Why aren’...

    Electronic Frontier Foundation
    Show threadMpdavesMar 26, 2025
    @briankrebs I’ll read up more but does is there a place to record a master list of suspected fake towers?
    Show threadOrca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Mar 26, 2025
    @briankrebs Damn I really hope they developed a program that runs on rooted Android or Linux phones, even if they had models limited (to like only one device supported). Orbic devices are not being sold here at all.
    Show threadLeanne VeronicaMar 29, 2025
    Do these work outside the U.S.
    Show threadAnthony SoraceApr 1, 2025
    @briankrebs @iffybooks Do you know if the normal function of the device still works?