EFF's Rayhunter Aims to "Fill Gaps in Our Knowledge" About "Stingray" Cell Site Simulators
Installed on a cheap mobile router, Rayhunter warns when a Stingray device is detected — and gathers control traffic for analysis.
The Electronic Frontier Foundation (EFF), a pro-privacy civil liberty organization, has launched an open source tool that it hopes can make a dent in surveillance from "Stingray" cell site simulators (CSSes): Rayhunter.
"CSS (also known as Stingrays or IMSI catchers) are devices that masquerade as legitimate cell-phone towers," explain EFF's Cooper Quintin and Will Greenberg, "tricking phones within a certain radius into connecting to the device rather than a tower. To fill […] gaps in our knowledge, we have created an open source project called Rayhunter. It is developed to run on an Orbic mobile hotspot which is available for $20 or less at the time of this writing."
The open source Rayhunter tool isn't designed to defeat cell site simulators, which are used to gather information on targets in an area, but to monitor for their presence. If detected, the user is warned so they can take appropriate action — and Rayhunter itself begins capturing control, but not user, traffic, for later analysis.
"We have a few different goals with this project," Quintin and Greenberg explain. "An overarching goal is to determine conclusively if CSS are used to surveil free expression such as protests or religious gatherings, and if so, how often it's occurring. We'd like to collect empirical data (through network traffic captures, i.e. PCAPs) about what exploits CSS are actually using in the wild so the community of cellular security researchers can build better defenses. We also hope to get a clearer picture of the extent of CSS usage outside of the U.S., especially in countries that do not have legally enshrined free speech protections."
"Once we have gathered this data," the pair continue, "we hope we can help folks more accurately engage in threat modeling about the risks of cell-site simulators, and avoid the fear, uncertainty, and doubt that comes from a lack of knowledge. We hope that any data we do find will be useful to those who are fighting through legal process or legislative policy to rein in CSS use where they live."
Those interested in running Rayhunter themselves — which, the EFF says, should not violate any current laws or regulations in the United States but may leave the user open to civil or criminal liability — can find the full source code on GitHub under the reciprocal GNU General Public License 3, along with tagged releases for installation on a compatible mobile router.