Original Article Text


Open-source tool 'Rayhunter' helps users detect Stingray attacks

The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays.

Stingray devices mimic legitimate cell towers to trick phones into connecting, allowing them to capture sensitive data, accurately geolocate users, and potentially intercept communications.

With the release of Rayhunter, EFF seeks to give users the power to detect these instances, allowing them to protect themselves and also help draw a clearer picture of the exact deployment scale of Stingrays.

How Rayhunter works

Rayhunter is an open-source tool designed to detect Stingrays by capturing control traffic (signaling data) between the mobile hotspot and the cell tower it is connected to, but without monitoring user activity.

"Rayhunter works by intercepting, storing, and analyzing the control traffic (but not user traffic, such as web requests) between the mobile hotspot Rayhunter runs on and the cell tower to which it's connected," reads EFF's announcement.

"Rayhunter analyzes the traffic in real-time and looks for suspicious events, which could include unusual requests like the base station (cell tower) trying to downgrade your connection to 2G which is vulnerable to further attacks, or the base station requesting your IMSI under suspicious circumstances."

Compared to other Stingray detection methods that require rooted Android phones and expensive software-defined radios, Rayhunter runs on a $20 Orbic RC400L mobile hotspot device (portable 4G LTE router).

EFF chose this hardware for its testing of Rayhunter due to its affordability, widespread availability (Amazon, eBay), and portability, but notes that their software may work well on other Linux/Qualcomm devices too.
When Rayhunter detects suspicious network traffic, Orbic's default green/blue screen turns red, informing users of a potential Stingray attack.

The users may then access and download the PCAP logs kept on the device to get more information about the incident or use them to support forensic investigations.

For more instructions on how to install and use Rayhunter, check out EFF's GitHub repository.

The EFF includes a legal disclaimer noting that the software is likely not illegal to use in the United States. However, before attempting to use this project, it is advisable to check with a lawyer to determine if it's legal to use in your country.

BleepingComputer has not tested Rayhunter and cannot guarantee its safety or effectiveness, so use it at your own risk.
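
The two signals quoted from EFF's announcement, a push down to 2G and an IMSI request under suspicious circumstances, sketched as an added Python example (not Rayhunter's code and not part of the original article). It assumes control messages already split into records with hypothetical field names, and it treats "suspicious" as an IMSI request followed by a connection release with no authentication in between, which is this example's own choice of heuristic.

```python
# Added example: two heuristics over constructed LTE control-plane events.
# The event fields ("t", "layer", "hex", "msg", "redirect_rat") are hypothetical.
EMM_PD = 0x7                                  # protocol discriminator: EPS mobility management
AUTH_REQUEST, IDENTITY_REQUEST = 0x52, 0x55   # EMM message types (3GPP TS 24.301)
ID_TYPES = {1: "IMSI", 2: "IMEI", 3: "IMEISV", 4: "TMSI"}

def parse_plain_emm(raw: bytes):
    """Return (message type, requested identity or None) for a plain EMM message."""
    if len(raw) < 2 or raw[0] & 0x0F != EMM_PD or raw[0] >> 4 != 0:
        return None                           # not EMM, or security-protected: skipped here
    ident = None
    if raw[1] == IDENTITY_REQUEST and len(raw) >= 3:
        ident = ID_TYPES.get(raw[2] & 0x07)   # identity type: low 3 bits of octet 3
    return raw[1], ident

def analyze(events):
    """Return (time, finding) tuples for the suspicious patterns in one capture."""
    findings, imsi_asked = [], False          # imsi_asked: IMSI request not yet followed by auth
    for ev in events:
        if ev["layer"] == "nas":
            parsed = parse_plain_emm(bytes.fromhex(ev["hex"]))
            if parsed is None:
                continue
            msg_type, ident = parsed
            if msg_type == IDENTITY_REQUEST and ident == "IMSI":
                imsi_asked = True
            elif msg_type == AUTH_REQUEST:
                imsi_asked = False            # network went on to authenticate
        elif ev["layer"] == "rrc" and ev["msg"] == "RRCConnectionRelease":
            if ev.get("redirect_rat") == "geran":   # redirectedCarrierInfo names a 2G carrier
                findings.append((ev["t"], "release redirects to 2G (GERAN)"))
            if imsi_asked:
                findings.append((ev["t"], "IMSI requested, then released without authentication"))
            imsi_asked = False
    return findings

# Constructed captures; NAS bodies are cut to the octets the parser reads.
NORMAL = [
    {"t": 0.1, "layer": "nas", "hex": "075501"},   # Identity Request (IMSI)
    {"t": 0.3, "layer": "nas", "hex": "0752"},     # Authentication Request follows
    {"t": 30.0, "layer": "rrc", "msg": "RRCConnectionRelease"},
]
SUSPICIOUS = [
    {"t": 5.0, "layer": "nas", "hex": "075501"},   # Identity Request (IMSI)
    {"t": 5.2, "layer": "rrc", "msg": "RRCConnectionRelease", "redirect_rat": "geran"},
]

if __name__ == "__main__":
    for name, capture in (("normal", NORMAL), ("suspicious", SUSPICIOUS)):
        print(name, analyze(capture))
```

A legitimate network can also ask for the IMSI before authenticating, so a hit from a rule like this is a lead to check against the saved PCAP, not proof of a cell-site simulator.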

Daily Brief Summary

MISCELLANEOUS // EFF Unveils 'Rayhunter' to Detect Stealthy Stingray Surveillance

The Electronic Frontier Foundation (EFF) has launched Rayhunter, a free, open-source tool to identify and mitigate Stingray attacks.

Stingray devices impersonate legitimate cell towers to trick mobile devices into connecting, capturing sensitive personal data and communications.

Rayhunter operates by capturing and analyzing control traffic between a mobile hotspot and cell towers, specifically looking for anomalies that suggest Stingray use.

The tool is designed to run on a low-cost $20 Orbic RC400L mobile hotspot, whose screen turns red when suspicious traffic is detected.

Rayhunter's operation ensures privacy as it does not monitor personal user traffic like internet browsing or app usage.

The EFF has published the tool on GitHub and provides detailed instructions for setting up and running Rayhunter.

Users are advised to seek legal advice regarding the use of such detection tools in their respective countries, acknowledging potential legal implications.

Although BleepingComputer has not independently verified the tool’s effectiveness or safety, it is available for public use at one's own risk.