this post was submitted on 05 Mar 2025
47 points (100.0% liked)


To fill these gaps in our knowledge, we have created an open source project called Rayhunter. It is developed to run on an Orbic mobile hotspot (Amazon, eBay) which is available for $20 or less at the time of this writing. We have tried to make Rayhunter as easy as possible to install and use, regardless of your level of technical knowledge. We hope that activists, journalists, and others will run these devices all over the world and help us collect data about the usage and capabilities of cell-site simulators (please see our legal disclaimer).

Rayhunter works by intercepting, storing, and analyzing the control traffic (but not user traffic, such as web requests) between the mobile hotspot Rayhunter runs on and the cell tower to which it’s connected. Rayhunter analyzes the traffic in real time and looks for suspicious events, which could include unusual requests like the base station (cell tower) trying to downgrade your connection to 2G, which is vulnerable to further attacks, or the base station requesting your IMSI under suspicious circumstances.
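The two checks named above, sketched as an added example over already-decoded control-plane events (this is not Rayhunter's code and not part of the original post). The event field names, the sample events, and the reading of "suspicious circumstances" as "IMSI requested before NAS security is active" are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample events with hypothetical field names; a real capture
# would need an RRC/NAS decoder in front of this analysis step.
SAMPLE_EVENTS = [
    {"t": 0.0, "cell": 101, "msg": "rrc_connection_setup"},
    {"t": 0.1, "cell": 101, "msg": "nas_identity_request", "id_type": "IMSI"},
    {"t": 0.2, "cell": 101, "msg": "rrc_connection_release", "redirect_rat": "GERAN"},
    {"t": 5.0, "cell": 202, "msg": "rrc_connection_setup"},
    {"t": 5.1, "cell": 202, "msg": "nas_security_mode_complete"},
    {"t": 5.2, "cell": 202, "msg": "nas_identity_request", "id_type": "IMSI"},
    {"t": 5.3, "cell": 202, "msg": "rrc_connection_release", "redirect_rat": "EUTRA"},
]


@dataclass
class Finding:
    t: float
    cell: int
    rule: str


def analyze(events):
    """Return candidate findings for review; these are leads, not verdicts.

    A legitimate network may also ask for the IMSI on an initial attach,
    so each finding needs context (location, repetition, cell identity).
    """
    findings = []
    secured = False  # is NAS security active on the current connection?
    for ev in events:
        msg = ev["msg"]
        if msg == "rrc_connection_setup":
            secured = False  # a new connection starts without security
        elif msg == "nas_security_mode_complete":
            secured = True
        elif msg == "nas_identity_request":
            # Assumed rule: permanent identity requested in the clear.
            if ev.get("id_type") == "IMSI" and not secured:
                findings.append(Finding(ev["t"], ev["cell"], "imsi_request_before_security"))
        elif msg == "rrc_connection_release":
            # GERAN is the 2G radio access technology.
            if ev.get("redirect_rat") == "GERAN":
                findings.append(Finding(ev["t"], ev["cell"], "redirect_to_2g"))
            secured = False
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f)
```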

top 3 comments
[–] [email protected] 5 points 3 days ago (1 children)

Previous solutions have also focused on attacks on the legacy 2G cellular network, which is almost entirely shut down in the U.S. Seeking to learn from and improve on previous techniques for CSS detection, we have developed a better, cheaper alternative that works natively on the modern 4G network.

Calling the 4G network "modern" is a bit of a stretch at this point. As they said, previous attempts at this have been 2G so it's cool to see something for a newer standard, but it's about 5 years too late for 4G.

[–] cardfire 7 points 2 days ago* (last edited 2 days ago) (1 children)

Interesting, and it highlights the dated nature of some of our technologies; however, your conclusion may be heavily localized, friend.

For example, traveling to Korea as a visitor, without a residency visa, you're only able to get prepaid mobile services, which are only allowed on the 4G networks of all three carriers.

The 5G services are exclusively available for postpaid subscribers, the vast overwhelming majority of which are citizens, and many of which will still be on 4G-only handsets because of income and device reasons, despite a comprehensive 5G build-out that should be the end of much of the world.

So, targeting the 4G network for testing could still be informative in many places. Places with state-run news agencies, or places that receive internationally subsidized technology transfers for their self services, likely to have Huawei tower gear somewhere in their stack.

[–] [email protected] 2 points 20 hours ago* (last edited 20 hours ago)

Don't get me wrong, I bought one of these right away, hoping to see some interesting data.

But, we are talking about network technology from 2008... it's kind of like announcing that you've developed a tracking exploit for Bluetooth 3.0, or that you can reliably take over user accounts in AIM.