The Digital Frontier Basis (EFF) has launched a free, open-source instrument named Rayhunter that’s designed to detect cell-site simulators (CSS), also referred to as IMSI catchers or Stingrays.
Stingray units mimic legit cell towers to trick telephones into connecting, permitting them to seize delicate knowledge, precisely geolocate customers, and probably intercept communications.
With the discharge of the Rayhunter, EFF seeks to provide customers the ability to detect these situations, permitting them to guard themselves and likewise assist draw a clearer image of the precise deployment scale of Stingrays.
How Rayhunter works
Rayhunter is an open-source instrument designed to detect Stingrays by capturing management site visitors (signaling knowledge) between the cellular hotspot and the cell tower it’s related to, however with out monitoring person exercise.
“Rayhunter works by intercepting, storing, and analyzing the management site visitors (however not person site visitors, equivalent to internet requests) between the cellular hotspot Rayhunter runs on and the cell tower to which it is related,” reads EFF’s announcement.
“Rayhunter analyzes the site visitors in real-time and appears for suspicious occasions, which might embrace uncommon requests like the bottom station (cell tower) making an attempt to downgrade your connection to 2G which is weak to additional assaults, or the bottom station requesting your IMSI underneath suspicious circumstances.”
In comparison with different Stingray detection strategies that require rooted Android telephones and costly software-defined radios, Rayhunter runs on a $20 Orbic RC400L cellular hotspot system (transportable 4G LTE router).
EFF selected this {hardware} for its testing of Rayhunter as a result of its affordability, widespread availability (Amazon, eBay), and portability, however notes that their software program may go effectively on different Linux/Qualcomm units too.
Supply: EFF
When Rayhunter detects suspicious community site visitors, Orbic’s default inexperienced/blue display screen turns purple, informing customers of a possible Stingray assault.
The customers might then entry and obtain the PCAP logs saved on the system to get extra details about the incident or use them to assist forensic investigations.
For extra directions on the best way to set up and use Rayhunter, take a look at EFF’s GitHub repository.
The EFF features a authorized disclaimer noting that the software program is probably going not unlawful to make use of in the USA. Nevertheless, earlier than trying to make use of this mission, it’s advisable to test with a lawyer to find out if it is authorized to make use of in your nation.
BleepingComputer has not examined Rayhunter and can’t assure its security or effectiveness, so use it at your personal threat.
