Y0ur P@ssw0rd S*cks is a bi-weekly column that answers the most pressing internet security questions web_crawlr readers have to make sure they can navigate the ‘net safely. If you want to get this column a day before we publish it, subscribe to web_crawlr, where you’ll get the daily scoop of internet culture delivered straight to your inbox.
Welcome to Your Password Sucks, the Daily Dot newsletter that answers all your internet security-related questions.
Today, we’ll discuss how you can easily build a cell phone surveillance detector for about $20.
Interested? Here’s how.
What is a cell phone ‘stingray?’
If you follow tech news and care about privacy and security like myself, you’ve likely heard the term “Stingray” before.
A Stingray, which is a common term used to refer to what’s known as a cell site simulator or IMSI-catcher, is essentially a fake cell phone tower used by everyone from police and federal agents to criminals and scammers.
The device, which can be small enough to fit in a backpack, can force cell phones within a certain radius to connect to it. Depending on the model, the device can—among other things—discover which cell phones are in an area, find specific cell phones, and even intercept texts and phone calls.
Local police can use them to locate the cell phone of a suspect or to see who’s attending a protest. Governments can use them outside foreign embassies or government buildings to track high-profile politicians. They can even be used to block your phone from making phone calls or sending texts.
As reported by Wired, an IMSI-catcher was even detected at the 2024 Democratic National Convention in Chicago. It remains a mystery as to who was running it and why.
But thanks to the Electronic Frontier Foundation (EFF), a prominent digital rights advocacy group, carrying out such surveillance undetected may have just gotten a little bit harder.
How to build a cell phone surveillance detector
Even if you aren’t a tech expert, you can help detect them too. The EFF recently introduced software known as “Rayhunter,” which runs on a cheap mobile hotspot device.
All you need is a computer and an Orbic RC400L with a SIM card. And the SIM card, at least in my testing, doesn’t even need to be activated. You can pick up an Orbic for relatively cheap on Amazon or eBay for around $20.
Once you have that, simply follow the instructions on the Rayhunter Github page. You’ll need to plug the Orbic into your computer, whether running Windows, Mac, or Linux, and download the release[dot]tar file from the Rayhunter releases page.
From there, unzip the file, and run the install[dot]sh file. It’s all explained on the Github page. Linux users will have the easiest setup, followed by Mac, and then Windows, which can be more difficult.
But once you have Rayhunter installed, you should see a green line at the top of the Orbic’s screen. If it ever turns red, that means it detected what it believes to be a cell-site-simulator.
Personally, I haven’t captured any so far in my limited testing. I didn’t expect to find heavy Stingray use in my backyard. But I do plan to take it to some protests and outside of some high-profile government buildings to see what happens.
That being said, what do you do if you detect an IMSI-catcher? EFF is collecting data on towers, and it looks like they’ll be using all this data to further map out Stingray use across the country.
And lastly, although the EFF does not believe that detecting Stingrays violates any laws, they urge everyone to use Rayhunter at their own risk.
If you manage to set up a Rayhunter device of your own and detect cellphone surveillance in your area, feel free to reach out to me at mikael.thalen@dailydot.com. We’d definitely be interested in hearing about it.
Happy hunting!
The internet is chaotic—but we’ll break it down for you in one daily email. Sign up for the Daily Dot’s web_crawlr newsletter here to get the best (and worst) of the internet straight into your inbox.
