Micah LeeApr 9, 2025
Here's how to set up ~$30 worth of gear to detect cell-site simulators, which are used by police and ICE to spy on phones in a physical location, using @eff's new tool Rayhunter https://micahflee.com/hunting-street-level-cell-phone-surveillance-with-rayhunter/
Hunting street-level cell phone surveillance with Rayhunter

Things are scary in the US right now. ICE is disappearing students for protesting genocide and kidnapping innocent people off the streets to enslave in El Salvador. All over the country, people are taking to the streets every week to protest oligarchy, and fascist counter-protesters are starting to show up

micahflee
Show threadKevin Karhan 

@micahflee lemme guess: @eff just took a multi-network eSIM and multi-network WWAN modules to scan for "#deauth" / "#EvilTwin" attacks?

Cuz I remember @heiseonline or @golem actually suggest this as a method to detect #IMSIcatchers without requiring an expensive #SDR:

  • By precisely looking when which WWAN stick (for #3G back then) got disconnected and warning if they all got disconnected & reconnected at the same time...

AFAIK #GSMK uses that same technique for their #Baseband-#Firewall to automatically detect #Interception attempts and deploy countermeasures!

Apr 9, 2025 at 5:43pmWeb
Show threadZimmieApr 9, 2025

@kkarhan @micahflee @eff @heiseonline @golem Doesn’t need a SIM connected to an active account, so no need for the multi-network SIM. Not sure if the device itself can be used on multiple networks, but since Stingrays attack multiple networks at once, the device doesn’t need to connect to more than one.

Yes, it listens for control traffic and tries to detect suspicious patterns like deauths trying to force the modem to connect to a different tower.

Show threadKevin Karhan Apr 10, 2025

@bob_zim @micahflee @heiseonline @golem Makes sense.

  • After all, the whole #IMSIcatcher system can be detected by passive #SIGINT as it's an active attack on mobile networks.

I wounder if I can get a compatible device in #Germany as well...

  • Bonis points if that device has a freely reprogrammable #IMEI to allow hiding it's identity.
lists.d/imei.devices.list.tsv at main · greyhat-academy/lists.d

List of useful things. Contribute to greyhat-academy/lists.d development by creating an account on GitHub.

GitHub
Show threadZimmieApr 10, 2025
@kkarhan The system the EFF published is just software you can put on a cell-to-WiFi device you source yourself. The hotspot is just a cheap, preassembled way to get cell radio to listen, a processor to look at the control traffic, and WiFi to let you pull data off of it.
Show threadKevin Karhan Apr 10, 2025

@bob_zim yeah. Seen it. in the writeup by @micahflee ...

I just hope to find any that ain't #NetLock'd / #SimLock'd to #Verizon and that these support more than #US-#LTE bands...

  • Not shure if it needs a valid #SIM or just an #ICCID + #Ki on a #SIM to get going (cuz in #Germany it's hard [imported #SIM] to illegal [domestic SIMs] to get an anonymous SIM since 07/2017.

I just wish @eff wouldn't expect everyone to use #centralized, #SingleVendor & #SingleProvider services like @signalapp in the age of #CloudAct, cuz neither I nor anyone I'd trust would submit #PII to them like a #PhoneNumer as a matter of principle!

Kevin Karhan :verified: (@[email protected])

Content warning: Rant re: Signal Shills being dangerous Tech Illiterates

Infosec.Space
Show threadKevin Karhan Apr 10, 2025

@bob_zim @micahflee @eff

Sadly there's only 1 listing on eBay willing to ship to #Germany...

Verizon Speed Handy Hotspot 4G LTE Connect bis Zu 10 Wi-Fi Aktiviert Geräte | eBay

Verizon Speed Mobile Hotspot | 4G LTE | Verbinden Sie bis zu 10 Wi-Fi-fähige Geräte |.

eBay