a.x61.sh

Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying (www.eff.org)
from badwetter@kbin.melroy.org to privacy@lemmy.ml on 26 Mar 2025 14:10
https://kbin.melroy.org/m/privacy@lemmy.ml/t/817467

Rayhunter is a new open source tool we’ve created that runs off an affordable mobile hotspot that we hope empowers everyone, regardless of technical skill, to help search out cell-site simulators (CSS) around the world.

#privacy

threaded - newest

Tiger@sh.itjust.works on 26 Mar 2025 14:56 next collapse

That pretty awesome, will try to get it.

SnotFlickerman@lemmy.blahaj.zone on 26 Mar 2025 15:36 next collapse

From the Github:

Rayhunter has been built and tested for the Orbic RC400L mobile hotspot. It may work on other orbics and other linux/qualcom devices, but this is the only one we have tested on.

Still very cool, but very, very limited options for using it.

On the plus side, it at least seems like a relatively inexpensive option, only $19 on Amazon.

To be clear, I’m only linking to it on Amazon because it is sold out from the manufacturer itself. Due to being sold out, I assume, Orbic doesn’t even list a price for it.

Another important note from the Github (emphasis not mine):

THIS CODE IS A PROOF OF CONCEPT AND SHOULD NOT BE RELIED UPON IN HIGH RISK SITUATIONS!

ssroxnak@lemmy.world on 26 Mar 2025 15:57 next collapse

I’ve seen them cheaper on ebay

SnotFlickerman@lemmy.blahaj.zone on 26 Mar 2025 17:16 collapse

The real issue, whether on Amazon or ebay, is that only a handful on ebay are listed as “unlocked” to be used on cellular networks other than Verizon.

MaddestMax@lemmy.world on 27 Mar 2025 04:03 collapse

Fwiw: I’ve been using a Verizon locked one without ever activating the sim. It works just fine as a Rayhunter. It just doesn’t work as a hotspot.

SnotFlickerman@lemmy.blahaj.zone on 27 Mar 2025 04:06 next collapse

Dope, thanks for the heads up

TheTurner@lemm.ee on 28 Mar 2025 05:58 collapse

Good to know. I need to flash the one I purchased a few weeks ago. Just got busy and forgot.

MaddestMax@lemmy.world on 30 Mar 2025 04:33 collapse

I feel ya. It’s crazy easy. I was surprised. Then, just wardrive. 😊

Aphelion@lemm.ee on 26 Mar 2025 17:10 collapse

They’re $11 on eBay.

pietervdvn@lemmy.ml on 26 Mar 2025 15:38 next collapse

Will this work in Europe?

SnotFlickerman@lemmy.blahaj.zone on 26 Mar 2025 15:46 collapse

justanswer.com/…/h3j0m-orbic-mifi-trying-active.h…

This thread seems to imply that it could work in Europe for US Verizon customers, but I can’t find much else about whether or not it directly supports European cellular radio bands.

marauding_gibberish142@lemmy.dbzer0.com on 26 Mar 2025 16:22 next collapse

Can this be made into an android app to hook into android’s APIs for their modem? I think that would make it a lot more portable

SnotFlickerman@lemmy.blahaj.zone on 26 Mar 2025 16:27 collapse

Maybe? The Orbic is fully Linux whereas Android is a locked down heavily modified version Linux with a lot of differences in the codebase.

Androids only work as a WiFi hotspot. I could be wrong but I am not aware of any with cellular hotspot capability. You would need it running as a cellular hotspot for it to detect the stingrays.

marauding_gibberish142@lemmy.dbzer0.com on 26 Mar 2025 16:31 next collapse

Ah, I missed that crucial part, apologies. I’m not very well versed with cellular standards: I would assume that Qualcomm is not very OpenSource friendly. Is there any other manufacturer they could use?

Aux@feddit.uk on 26 Mar 2025 23:48 next collapse

There are no heavy Linux modifications in Android.

ReversalHatchery@beehaw.org on 28 Mar 2025 02:40 collapse

what do you mean by cellular hotspot? working as a CSS itself?

jagged_circle@feddit.nl on 27 Mar 2025 05:16 next collapse

Are we saying CSS instead of IMSI catchers now? Why?

miracleorange@beehaw.org on 27 Mar 2025 19:16 collapse

Looks like they aren’t using “IMSI catcher” because it only covers one of the uses of those devices.

jagged_circle@feddit.nl on 28 Mar 2025 04:49 collapse

Can you elaborate?

miracleorange@beehaw.org on 28 Mar 2025 09:42 collapse

It says in the article.

Law enforcement use CSS to pinpoint the location of phones often with greater accuracy than other techniques such as cell site location information (CSLI) and without needing to involve the phone company at all. CSS can also log International Mobile Subscriber Identifiers (IMSI numbers) unique to each SIM card, or hardware serial numbers (IMEIs) of all of the mobile devices within a given area. Some CSS may have advanced features allowing law enforcement to intercept communications in some circumstances.

jagged_circle@feddit.nl on 28 Mar 2025 17:05 collapse

All of that should be doable with IMSI catchers, no? Except it would certainly allow intercepting communications.

rekabis@programming.dev on 28 Mar 2025 05:37 collapse

run an install script for either Mac or Linux (we do not support Windows as an installation platform at this time.)

I always find it deeply ironic that valuable tools that are meant to protect people are released in forms that exclude an overwhelming proportion of the people who could use it.

It was the same issue with Ladybird browser up until a month or so ago - they were projecting Windows support only some time in 2027 to 2029. Like, how the hell are you supposed to achieve a critical mass of eyeballs when the vast majority of people who would love to test the product just don’t have the platform to run it on? It’s ideological shortsightedness at its kindest characterization. And I wouldn’t be kind.

Plus, DotNet is almost trivially cross-platform these days and almost ridiculously easy to develop with… for something like an install script you really don’t have an excuse to not hit all three platforms anymore.

utopiah@lemmy.world on 28 Mar 2025 06:08 next collapse

Then please help github.com/EFForg/rayhunter/issues/65

sik0fewl@lemmy.ca on 28 Mar 2025 06:16 next collapse

Make sure to lodge a complaint with Microsoft about how their OS is incompatible with almost everything else.

HiddenLayer555@lemmy.ml on 28 Mar 2025 06:28 collapse

I agree with everything you said except for this:

Plus, DotNet is almost trivially cross-platform these days and almost ridiculously easy to develop with… for something like an install script you really don’t have an excuse to not hit all three platforms anymore.

But so is Java. Or Kotlin. Or Rust. Or Python. Hell, even JavaScript is acceptable for a simple GUI program that’s meant to be run once to install the real program.

And those are open source and don’t have Microsoft telemetry in the build tools AND IN THE RUNTIME!!! So you now have to taint your Linux or Mac system by installing the JVM we have at home.