EFF Launches Rayhunter: A New Tool to Detect Covert Cellular Surveillance
by David Kim
The Electronic Frontier Foundation (“EFF”) has announced Rayhunter, an open-source tool designed to detect cell-site simulators (“CSS”), devices often used by law enforcement and others to covertly track mobile phones. Running on an affordable mobile hotspot, Rayhunter seeks to empower activists, journalists, and everyday users to identify and document the use of these surveillance tools, shedding light on their prevalence and potential threats to privacy.
Cell-site simulators, also known as Stingrays or IMSI catchers, mimic legitimate cell towers, tricking nearby cellphones into connecting to them. Once connected, these devices can pinpoint a phone’s location with high precision, log unique identifiers like IMSI and IMEI numbers, and in some cases, intercept communications. Despite their widespread use by law enforcement and other entities, little is known about their full capabilities or how they exploit vulnerabilities in cellular networks.
The lack of transparency surrounding CSS deployment has raised concerns about their potential misuse, particularly in monitoring First Amendment-protected activities such as protests, journalist-source communications, and religious gatherings. While evidence of such misuse remains largely circumstantial or based on rumor, the EFF hopes Rayhunter will provide empirical data to clarify how and where these devices are being used.
Until now, detecting CSS required researchers and users to depend on Android apps for rooted phones or costly, complex software-defined radio setups. Earlier methods primarily targeted vulnerabilities in the outdated 2G network, which has been largely phased out in the U.S. Building on these efforts, the EFF has developed a more accessible and affordable solution that operates seamlessly on the modern 4G network, addressing the limitations of prior approaches.
Rayhunter operates by intercepting and analyzing control traffic between a mobile hotspot and its connected cell tower. It detects suspicious activities, such as attempts to downgrade a connection to the vulnerable 2G network or requests for a device’s IMSI under questionable circumstances. When such events occur, Rayhunter alerts the user and logs the data for further analysis, enabling individuals to take protective measures, such as turning off their phones.
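The two kinds of check described above can be sketched in a few lines. This is an added example, not code from the EFF or from Rayhunter: the event names, the record layout, and the exact rule for what counts as a "questionable" IMSI request (IMSI taken, then the connection released before any authentication completes) are assumptions made for illustration.

```python
# Added illustration: simplified, constructed event records. This is not
# Rayhunter's log format or its actual analyzers.
from dataclasses import dataclass

@dataclass
class Event:
    t: float          # seconds since capture start
    msg: str          # simplified control-message name (assumed labels)
    detail: str = ""  # requested identity type, or release reason/redirect

def analyze(events):
    """Return (time, severity, reason) warnings for one hotspot session."""
    warnings = []
    authenticated = False  # True once the security handshake completes
    pending_imsi = None    # time of an IMSI request seen before security
    for ev in events:
        if ev.msg == "SecurityModeComplete":
            authenticated = True
            pending_imsi = None  # the request was part of a normal attach
        elif ev.msg == "IdentityRequest" and ev.detail == "IMSI":
            if not authenticated:
                pending_imsi = ev.t
        elif ev.msg == "ConnectionRelease":
            # Check 1 (assumed rule): release that redirects the device to 2G.
            if ev.detail == "redirect:GERAN":
                warnings.append((ev.t, "red", "redirected to 2G (GERAN)"))
            # Check 2 (assumed rule): IMSI collected, then dropped unauthenticated.
            if pending_imsi is not None:
                warnings.append((ev.t, "red",
                                 f"IMSI requested at t={pending_imsi}, then "
                                 "released without authentication"))
            authenticated = False
            pending_imsi = None
    return warnings

def status_color(warnings):
    """Map results onto the article's display: green is normal, red is an anomaly."""
    return "red" if warnings else "green"

# Constructed sample sessions (not captured traffic).
NORMAL = [Event(0.0, "AttachRequest"), Event(0.1, "IdentityRequest", "IMSI"),
          Event(0.4, "SecurityModeComplete"), Event(30.0, "ConnectionRelease", "idle")]
SUSPICIOUS = [Event(0.0, "AttachRequest"), Event(0.1, "IdentityRequest", "IMSI"),
              Event(0.2, "IdentityResponse"),
              Event(0.5, "ConnectionRelease", "redirect:GERAN")]
```

In the normal session the IMSI request is followed by a completed security handshake, so nothing is flagged; in the suspicious one the same request is followed by a 2G redirect with no authentication, and both checks fire.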
The tool is designed to be accessible to users of all technical skill levels. Its interface features a simple color-coded system: a green or blue line indicates normal operation, while a red line signals a detected anomaly. Users can then access a web interface to review logs or download them for expert analysis.
Rayhunter runs on the Orbic mobile hotspot, a device available for $20 or less, and is compatible with Mac and Linux systems. While the EFF does not currently support Windows installations, the tool’s open-source nature allows for community-driven adaptations and improvements.
The EFF’s broader mission with Rayhunter is to gather concrete evidence on whether CSS are being used to surveil free expression and to understand their technical mechanisms. By collecting network traffic data, the organization intends to help researchers develop better defenses against these devices and provide advocates with the evidence needed to push for legal and policy reforms.
Rayhunter represents a significant step forward in the fight against covert cellular surveillance. By democratizing the ability to detect CSS, the EFF hopes to foster greater transparency, accountability, and resistance to the misuse of these powerful tools. As Rayhunter is deployed, its success will depend on the collective efforts of users to uncover and challenge the hidden reach of cell-site simulators.
Source: eff.org