EFF's Rayhunter Exposes Hidden Cell Tower Spying | Image Source: www.eff.org
San Francisco, CA, March 07, 2025 – The Electronic Frontier Foundation (EFF) introduced Rayhunter, a free tool to detect cellular site simulators (CSS), commonly known as IMSI or Stingrays Captors. These surveillance devices represent legitimate cell towers to deceive neighbouring phones to connect, allowing authorities to track user locations, intercept calls and collect personal data. With Rayhunter, EFF hopes to enable individuals, researchers and activists to identify these hidden threats and map their deployment around the world.
Why are they dangerous?
Stingrays, or IMSI Captors, are a type of surveillance technology used by law enforcement and other entities to collect information on mobile devices without the consent of the user. When disguised as a legitimate cell tower, such devices may:
- Track a phone’s location with extreme accuracy.
- Log unique identifiers such as the IMSI (International Mobile Subscriber Identity) and IMEI (International Mobile Equipment Identity).
- Potentially intercept calls, text messages, and data traffic.
- Force devices to downgrade from secure networks (4G/5G) to weaker 2G networks, making them vulnerable to additional attacks.
According to EFF, the secret around Stingrays makes them particularly worrying. In the United States, law enforcement agencies often refuse to disclose their use, and companies that produce these devices rarely reveal how they operate. This lack of transparency raises concerns about their deployment against journalists, activists and individuals engaged in constitutionally protected activities, such as demonstrations and religious gatherings.
How Rayhunter Works
Unlike the tradition of Stingray detection methods that require expensive radios defined by integrated Android software or devices, Rayhunter is designed to run on a simple and affordable device, the Orbic RC400L mobile hotspot, available for about $20 on platforms like Amazon and eBay.
Rayhunter works by analyzing control traffic, signaling data exchanged between a phone and a cell tower, but does not monitor user data such as activity or web messages. According to the official EFF announcement, the software detects anomalies such as:
- Suspicious requests from a base station to downgrade a connection to vulnerable 2G networks.
- Unusual IMSI requests that may indicate unauthorized data collection.
- Unexpected handoffs between cell towers that do not align with normal network behavior.
When Rayhunter identifies suspicious activity, the Orbic screen changes from green/blue to red, warning potential surveillance users. The software also stores detailed files in PACP format, allowing a forensic analysis of Stingray’s possible activity.
Why Rayhunter is a game hunter
Previously, the detection of IMSI sensors was a challenge for anyone who did not have advanced technical knowledge or expensive equipment. Rayhunter goes down the gate:
- Affordability: A $20 device makes surveillance detection accessible to a broader audience.
- Simplicity: Users don’t need specialized expertise to operate Rayhunter.
- Portability: The mobile hotspot can be easily carried anywhere, making it ideal for activists, journalists, and researchers on the move.
EFF is considering the widespread adoption of Rayhunter to help map the scope of Stingray’s use worldwide. As the organization says, “We expect activists, journalists and others to run these devices around the world and help us collect data on the use and capabilities of cellular site simulators.”
Is that Rayhunter Legal?
EFF includes a legal complaint that, to the best of his knowledge, using Rayhunter is not illegal in the United States. However, they strongly advise users outside the United States to consult a lawyer before deploying the software. The secrecy surrounding the use of Stingray extends to laws governing detection tools, and some governments may have restrictions on anti-monitoring measures.
How to start with Rayhunter
For those who want to use Rayhunter, the installation process is simple:
- Purchase an Orbic RC400L mobile hotspot from an online marketplace.
- Download the latest Rayhunter software release from EFF’s GitHub repository.
- Follow the provided installation instructions for Mac or Linux (Windows is not currently supported).
- Start using Rayhunter and monitor for potential Stingray activity.
EFF encourages users to share their findings in order to contribute to a better understanding of the implementation of Stingray worldwide.
As privacy concerns grow in an increasingly covered world, tools such as Rayhunter provide an opportunity for people to fight to detect and document digital intrusions. If you are a privacy activist, journalist or individual, this open source solution provides a convenient way to keep your communications informed and protected.
