Cell-site simulators, also known as stingrays, are portable devices that mimic cell phone towers, allowing law enforcement to capture information from nearby phones. These devices are widely used in the U.S., U.K. and Canada to track down suspects or collect data during investigations.
When a cell-site simulator is activated, it sends out a signal that forces nearby cell phones to connect to it. This means that all data sent and received on the phone, such as call logs, text messages and even location data, can be captured by the device. The data collected can be used to track the movements of a specific individual or to identify other potential suspects.
To protect yourself against cell-site simulators, it’s important to take a few simple precautions. One way is to use a VPN, which encrypts all of your online activity, including location data. Another option is to turn off your phone’s Wi-Fi and Bluetooth when you’re not using them, as these connections can also be used to track your location.
It’s also recommended to only use secure messaging apps that use end-to-end encryption, such as Signal or WhatsApp, to protect your messages from being intercepted. Additionally, regularly deleting your call logs and clearing your browsing history can help minimize the amount of information that can be captured by cell-site simulators.
While there is currently no foolproof way to protect yourself from cell-site simulators, taking these precautions can help reduce the amount of data that is collected and keep your personal information private
For those concerned about government surveillance, the term “StingRay” has likely cropped up in discussions revolving around law enforcement’s tracking of cell phone signals. In this article, we’ll aim to provide a definitive breakdown of exactly what a StingRay is, how it operates, and methods for blocking StingRay surveillance.
It should be noted that the term “StingRay” is often used as a catch-all label, despite only referencing a singular type of equipment. A more accurate, overarching descriptor for these tools is “IMSI catcher,” or “cell-site simulator.” An IMSI (international mobile subscriber identity) is essentially the unique identifier assigned to every SIM card, and collectives of these identifiers can then be tracked through cell networks.
Though the blanket moniker “StingRay” is sometimes used, there are actually several varieties of these IMSI catchers currently in use, some more advanced than others. Further discussion of these different types and their capabilities is covered later on in this article.
Blocking StingRay tracking is possible via several approaches, including the use of VPNs or network selection. Understanding the methods of a StingRay’s operation and usage can help the public become better informed about the potential for surveillance and methods of protection.
Key Takeaways:
1.StingRay devices are just one type of IMSI-catcher that targets legacy 2G or GSM networks by mimicking a cell tower that your phone then connects to.
2.Protecting yourself against StingRays in particular means disabling 2G on a jailbroken device, living in an area with true 5G connectivity, or always using a VPN when connecting to mobile data.
3.Many 5G networks are actually just 4G networks with upgraded speed, meaning it can be hard to tell if you’re protected by 5G’s security features or not.
4.Currently, there is no legislation in the U.S. that limits the use of cell-site simulators for surveillance, but there is a pending bill that aims to require police and other governmental agencies to obtain a warrant before deploying one.
How to Block Stingray Surveillance
We’ll start out our guide by looking at what a StingRay is and how it differs from more modern solutions. Then we’ll explain the most basic steps you can take to protect yourself against StingRay surveillance.
What Is StingRay Surveillance?
StingRays essentially function by tricking your phone into thinking that the surveillance device is a cell tower. This results in your phone routing any traffic — such as text messages, web queries or phone calls — through the device. If this traffic isn’t encrypted, whoever operates the StingRay device will be able to access all of it.
Although it’s often used as a blanket term, a StingRay device is just one type of a class of devices known as “IMSI catchers” or “cell-site simulators.” It only operates on 2G networks, which makes it less useful for law enforcement with every passing year as 4G and eventually 5G networks take over.
Because of this, StingRays aren’t as useful as they used to be. Luckily for law enforcement and surveillance agencies, it’s not the end of the line for this type of technology.
StingRay vs Hailstorm
Although StingRays are limited to tracking cell phone users connected over a legacy 2G network, the same company that produced the StingRay (the Harris Corporation) also manufactures a device known as Hailstorm (or simply “StingRay II”).
Where StingRays can only intercept data over 2G, a Hailstorm device operates on 3G and 4G networks, which make up the vast majority of cellular networks worldwide.
Unlike with StingRays and similar devices, protecting yourself against a Hailstorm attack is much more difficult. Unless you live in an area with true 5G networks (more on that later), your only chance of keeping information like SMS messages safe from Hailstorm devices is to always use a VPN.
Block StingRay by Disabling 2G
The most straightforward way to protect yourself against StingRay attacks is to disable 2G networking on your phone. Unfortunately, very few phone manufacturers allow you to do this, with all of the big companies (such as Apple and Samsung) only letting you disable 3G or 4G.
To get around this, you can jailbreak or root your phone and install third-party software such as the Xposed Framework to disable 2G connections. That said, this only protects you if your phone connects directly to a 2G network, but not against the security vulnerability in 3G and 4G cellular networks that automatically switches the signal to 2G if needed.
What’s worse is that the StingRay in itself is an outdated technology. Law enforcement agencies also have access to more modern cell-site simulators that target 3G and 4G networks, making them much harder to avoid entirely.
In fact, U.S. carriers are in the process of phasing out their 2G networks. AT&T stopped servicing their 2G network in 2017 and Verizon did in 2020. Sprint and T-Mobile aren’t quite as far along, but they also plan to phase out their 2G networks by December 2021 and December 2022, respectively.
Can VPNs Protect You From Other Cell-Site Simulators?
Partially, yes. Although a virtual private network will garble any data or traffic that’s picked up by IMSI catchers, such as a StingRay device, it won’t be able to hide your physical location (or, at least, that of your device).
Standard text messages also won’t be protected, so make sure you use an alternative messaging app like WhatsApp, Signal or even Facebook Messenger if you want your messages covered by the VPN.
That said, protecting the contents of your data is probably more important than the fact that your device was located somewhere, unless you’re currently evading a manhunt. Besides, law enforcement doesn’t even need a cell-site simulator such as a StingRay if all they need is your location, as this can be found out by triangulating regular cell-phone towers or your GPS signal.
Law Enforcement Agencies
The main usage of cell-site simulators comes from law enforcement. Although you might think that using these devices requires a warrant, much like tapping someone’s phone, that is not the case. Cell-site simulators have long existed in a sort of legal gray area, which has allowed police to use them indiscriminately.
That said, a bill has been introduced in the United States Congress that would require law enforcement to obtain a warrant before deploying such a device, but whether or not it becomes law remains to be seen.
Intelligence Agencies
Given the murky legal nature of cell-site simulators, it’s not surprising that they’re widely used by intelligence agencies such as the NSA or CIA.
The relative lack of oversight these types of organizations enjoy makes it difficult to determine exactly how widespread this type of surveillance is. The American Civil Liberties Union found 75 different agencies — including the FBI, DEA and NSA — make use of this type of surveillance.
Hackers
Although there’s nothing stopping hackers and cybercriminals from using cell-site simulators to access people’s data, their cost and the need to be in physical proximity to the target device make them much less attractive than other types of attacks for any but the most focused and dedicated cybercrime operations.
5G Networks: A Solution?
The solution to all of this is true 5G. As opposed to 3G and 4G networks, 5G does not automatically reroute traffic through 2G without you knowing it. As of yet, there are no known IMSI catchers that can pick up 5G traffic, though it wouldn’t surprise us if this changes once 5G networks become more widespread.
The reason 5G networks are safer from surveillance by law enforcement officials is that they ditch the IMSI — which is unencrypted and permanent — for the encrypted SUPI (subscription permanent identifier) and the unencrypted SUCI (subscription concealed identifier), which can’t be used to identify you because it’s reset with each connection.
That said, 5G networks are still relatively rare, so we wouldn’t be surprised if a “SUPI catcher” is already in the works somewhere.
Real & “Fake” 5G Networks
Since 5G networks don’t have the same security vulnerabilities as 4G, you might think you’re safe from surveillance once you see that you’re connected to a 5G network. Unfortunately, most 5G networks are still really just 4G, but with upgraded speed and bandwidth.
This means that even though it looks like you’re connected to 5G on your device, the underlying technology is still 4G, which leaves you vulnerable to Hailstorm devices.
Unfortunately, you as the end user won’t really be able to tell whether the 5G network you’re connecting to is true 5G or simply upgraded 4G. The only option you have for finding out is to contact your phone carrier and ask them, but whether or not you’ll get a truthful answer depends on the company.
Preventing StingRay Technology: Concluding Thoughts
In conclusion, it is evident that StingRays and similar devices pose a significant threat to our privacy and security. While legislation to regulate the use of these devices is in progress, it’s crucial to take precautions to safeguard ourselves from these invasive techniques. The use of VPNs and encrypted messaging apps is an effective way to protect ourselves from cellular surveillance.
Our guide has shed light on how federal law enforcement, intelligence agencies, and police departments monitor mobile devices. We hope that after reading this guide, you have a better understanding of how cellular surveillance works and the steps you can take to protect yourself and your data.
If you feel that we missed any vital information or have more insights into safeguarding against cellular surveillance, please let us know in the comments below. Thank you for taking the time to read this guide on protecting yourself from invasive cell phone surveillance techniques.